CVE-2023-36457: 1Panel vulnerable to command injection when adding container repositories
First published: Wed Jul 05 2023(Updated: )
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fit2cloud 1panel | <1.3.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-36457?
CVE-2023-36457 is a vulnerability in 1Panel, an open source Linux server operation and maintenance management panel, that allows an authenticated attacker to achieve command injection when adding container repositories.
What is the severity of CVE-2023-36457?
The severity of CVE-2023-36457 is high with a CVSS score of 8.8.
How can I exploit CVE-2023-36457?
We do not provide information or support for exploiting vulnerabilities. This helps ensure the security of users and systems.
How do I fix CVE-2023-36457?
To fix CVE-2023-36457, update to version 1.3.6 of 1Panel, as the vulnerability has been fixed in this release.
Where can I find more information about CVE-2023-36457?
You can find more information about CVE-2023-36457 in the following references: [1](https://github.com/1Panel-dev/1Panel/releases/tag/v1.3.6) [2](https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-q2mx-gpjf-3h8x)
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/author
- agent/tags
- vendor/fit2cloud
- canonical/fit2cloud 1panel