CVE-2023-39964
Summary
| CVE | CVE-2023-39964 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-10 18:15:00 UTC |
| Updated | 2023-09-08 16:56:00 UTC |
| Description | 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue. |
Risk And Classification
Problem Types: CWE-22
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Release v1.5.0 · 1Panel-dev/1Panel · GitHub | MISC | github.com | |
| 1Panel O&M management panel has a background arbitrary file reading vulnerability · Advisory · 1Panel-dev/1Panel · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 994812 GO (Go) Security Update for github.com/1Panel-dev/1Panel (GHSA-pv7q-v9mv-9mh5)