CVE-2023-39964

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0	Product Release Notes
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-pv7q-v9mv-9mh5	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fit2cloud:1panel:1.4.3:*:*:*:*:*:*:*

History

08 Sep 2023, 16:56

Type	Values Removed	Values Added
First Time		Fit2cloud 1panel Fit2cloud
CPE	cpe:2.3:a:1panel:1panel:1.4.3:::::::*	cpe:2.3:a:fit2cloud:1panel:1.4.3:::::::*

16 Aug 2023, 18:44

Type	Values Removed	Values Added
First Time		1panel 1panel 1panel
References	~~(MISC) https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-pv7q-v9mv-9mh5 -~~	(MISC) https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-pv7q-v9mv-9mh5 - Exploit, Vendor Advisory
References	~~(MISC) https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0 -~~	(MISC) https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0 - Product, Release Notes
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.5
CPE		cpe:2.3:a:1panel:1panel:1.4.3:::::::*

10 Aug 2023, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-10 18:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-39964

Mitre link : CVE-2023-39964

CVE.ORG link : CVE-2023-39964

JSON object : View

Products Affected

fit2cloud

1panel

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2023-39964", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-08-10T18:15:11.043", "references": [{"url": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-pv7q-v9mv-9mh5", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the `api/v1/file.go` file, there is a function called `LoadFromFile`, which directly reads the file by obtaining the requested path `parameter[path]`. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue."}, {"lang": "es", "value": "1Panel es un panel de gesti\u00f3n de operaci\u00f3n y mantenimiento de servidores Linux de c\u00f3digo abierto. En la versi\u00f3n 1.4.3 las lecturas de archivos arbitrarios permiten a un atacante leer archivos de configuraci\u00f3n importantes y arbitrarios en el servidor. En el archivo `api/v1/file.go`, hay una funci\u00f3n llamada `LoadFromFile`, que lee directamente el archivo obteniendo la ruta solicitada `par\u00e1metro [ruta]`. Los par\u00e1metros de solicitud no se filtran, lo que genera una vulnerabilidad de lectura de archivos arbitrarios en segundo plano. La versi\u00f3n 1.5.0 tiene un parche para este problema."}], "lastModified": "2023-09-08T16:56:28.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fit2cloud:1panel:1.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FB1DBC8-57BC-4F73-AB3E-E87FABCFDBCF"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}