CVE-2023-39966
published 2023-08-10CVE-2023-39966: 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct…
PriorityP358critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.70%
48.4th percentile
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 1panel-dev | 1panel | — | — |
| fit2cloud | 1panel | — | — |
| github.com | 1panel-dev_1panel | >= 1.4.3 < 1.5.0 | 1.5.0 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
1Panel arbitrary file write vulnerability in github.com/1Panel-dev/1Panel
osv·2024-08-21
CVE-2023-39966 1Panel arbitrary file write vulnerability in github.com/1Panel-dev/1Panel
1Panel arbitrary file write vulnerability in github.com/1Panel-dev/1Panel
1Panel arbitrary file write vulnerability in github.com/1Panel-dev/1Panel
GHSA
1Panel arbitrary file write vulnerability
ghsa·2023-08-10
CVE-2023-39966 [HIGH] CWE-862 1Panel arbitrary file write vulnerability
1Panel arbitrary file write vulnerability
# Summary
An arbitrary file write vulnerability could lead to direct control of the server
# Details
## Arbitrary file creation
In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations.It looks like this:
- Vulnerable Code
# PoC
- We can write the SSH public key into the /etc/.root/authorized_keys configuration file on the server.
- The server was successfully written to the public key
- Successfully connected to the target server using an SSH private key.
As a result, the server is directly controlled, causing serious **harm**
# Impact
1Panel v1.4.3
OSV
1Panel arbitrary file write vulnerability
osv·2023-08-10
CVE-2023-39966 [HIGH] 1Panel arbitrary file write vulnerability
1Panel arbitrary file write vulnerability
# Summary
An arbitrary file write vulnerability could lead to direct control of the server
# Details
## Arbitrary file creation
In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations.It looks like this:
- Vulnerable Code
# PoC
- We can write the SSH public key into the /etc/.root/authorized_keys configuration file on the server.
- The server was successfully written to the public key
- Successfully connected to the target server using an SSH private key.
As a result, the server is directly controlled, causing serious **harm**
# Impact
1Panel v1.4.3
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-08-10
Published