Vulnerability Details : CVE-2023-39965
Potential exploit
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface, because the affected code allows unauthorized access. Attackers can freely download file content from the target system, which may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue.
Vulnerability category: Bypass
Products affected by CVE-2023-39965
- cpe:2.3:a:fit2cloud:1panel:1.4.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-39965
- 0.09%: Probability of exploitation activity in the next 30 days
- ~ 27 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-39965
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L | 2.3 | 3.7 | GitHub, Inc. | |
CWE ids for CVE-2023-39965
- The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-39965
- https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-85cf-gj29-f555
  1Panel Unauthorized access in Backend · Advisory · 1Panel-dev/1Panel · GitHub (Exploit; Vendor Advisory)
- https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0
  Release v1.5.0 · 1Panel-dev/1Panel · GitHub (Product; Release Notes)