1panel
CVE-2023-39964
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the file by obtaining the requested path parameter[path]. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue.
AnalysisAI
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. 1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the file by obtaining the requested path parameter[path]. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch for this issue. Affected products include: Fit2Cloud 1Panel. Version information: version 1.4.3.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.
1Panel is a web-based linux server management control panel. Rated critical severity (CVSS 9.8), this vulnerability is r
1Panel is a web-based linux server management control panel. Rated critical severity (CVSS 9.8), this vulnerability is r
A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Rated critical severity (C
1Panel is an open source Linux server operation and maintenance management panel. Rated critical severity (CVSS 9.8), th
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 8.8), this v
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 8.8), this v
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 8.8), this v
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this v
1Panel is an open source Linux server operation and maintenance management panel. Rated medium severity (CVSS 4.3), this
1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 7.5), this v
1Panel is an open source Linux server operation and maintenance management panel. Rated low severity (CVSS 3.1), this vu
Cross-site request forgery in 1Panel (versions 1.10.33 through 2.0.15) lets a remote attacker change the TCP port the we
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today