1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely download the file content on the target system. This may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue.
References
Link | Resource |
---|---|
https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0 | Product Release Notes |
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-85cf-gj29-f555 | Exploit Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-08-10T17:42:05.793Z
Updated: 2023-08-10T17:42:05.793Z
Reserved: 2023-08-07T16:27:27.076Z
Link: CVE-2023-39965
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-08-10T18:15:11.213
Modified: 2023-09-08T16:56:15.427
Link: CVE-2023-39965
JSON object: View
Redhat Information
No data.
CWE