High severity · NVD Advisory · Published Aug 10, 2023 · Updated Oct 4, 2024
1Panel arbitrary file write vulnerability exists in the background
CVE-2023-39966
Description
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContent that receives JSON data sent by users in the form of a POST request. The lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/1Panel-dev/1Panel (Go) | >= 1.4.3, < 1.5.0 | 1.5.0 |
Affected products
- Range: = 1.4.3
References
- github.com/advisories/GHSA-hf7j-xj3w-87g4 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-39966 (ghsa; ADVISORY)
- github.com/1Panel-dev/1Panel/releases/tag/v1.5.0 (ghsa; x_refsource_MISC; WEB)
- github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4 (ghsa; x_refsource_CONFIRM; WEB)