Vulnerability Details : CVE-2023-39966
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.
Products affected by CVE-2023-39966
- cpe:2.3:a:fit2cloud:1panel:1.4.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-39966
0.22%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 61 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-39966
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
GitHub, Inc. |
CWE ids for CVE-2023-39966
-
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-39966
-
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4
An arbitrary file write vulnerability exists in the background · Advisory · 1Panel-dev/1Panel · GitHubExploit;Vendor Advisory
-
https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0
Release v1.5.0 · 1Panel-dev/1Panel · GitHubProduct;Release Notes
Jump to