CVE-2023-39966

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0	Product Release Notes
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:fit2cloud:1panel:1.4.3:*:*:*:*:*:*:*

History

08 Sep 2023, 16:56

Type	Values Removed	Values Added
CPE	cpe:2.3:a:1panel:1panel:1.4.3:::::::*	cpe:2.3:a:fit2cloud:1panel:1.4.3:::::::*
First Time		Fit2cloud 1panel Fit2cloud

16 Aug 2023, 18:55

Type	Values Removed	Values Added
First Time		1panel 1panel 1panel
CPE		cpe:2.3:a:1panel:1panel:1.4.3:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
References	~~(MISC) https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4 -~~	(MISC) https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4 - Exploit, Vendor Advisory
References	~~(MISC) https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0 -~~	(MISC) https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0 - Product, Release Notes

10 Aug 2023, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-08-10 18:15

Updated : 2024-02-28 20:33

NVD link : CVE-2023-39966

Mitre link : CVE-2023-39966

CVE.ORG link : CVE-2023-39966

JSON object : View

Products Affected

fit2cloud

1panel

CWE

CWE-862

Missing Authorization

{"id": "CVE-2023-39966", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-08-10T18:15:11.550", "references": [{"url": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0", "tags": ["Product", "Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue."}, {"lang": "es", "value": "1Panel es un panel de gesti\u00f3n de operaci\u00f3n y mantenimiento de servidores Linux de c\u00f3digo abierto. En la versi\u00f3n 1.4.3, una vulnerabilidad de escritura de archivos arbitraria podr\u00eda llevar al control directo del servidor. En el archivo `api/v1/file.go`, hay una funci\u00f3n llamada `SaveContent que `recibe datos JSON enviados por los usuarios en forma de solicitud POST. Y la falta de filtrado de par\u00e1metros permite operaciones de escritura de archivos arbitrarias. La versi\u00f3n 1.5.0 contiene un parche para este problema."}], "lastModified": "2023-09-08T16:56:24.123", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fit2cloud:1panel:1.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FB1DBC8-57BC-4F73-AB3E-E87FABCFDBCF"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}