CVE-2023-36458: 1Panel vulnerable to ommand injection when entering the container terminal
First published: Wed Jul 05 2023(Updated: )
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payloads to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fit2cloud 1panel | <1.3.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-36458?
CVE-2023-36458 is a command injection vulnerability in 1Panel, an open source Linux server operation and maintenance management panel prior to version 1.3.6.
What is the severity of CVE-2023-36458?
CVE-2023-36458 has a severity rating of 8.8, which is considered high.
How does CVE-2023-36458 affect the software?
CVE-2023-36458 affects 1Panel versions prior to 1.3.6 and allows an authenticated attacker to achieve command injection when entering the container terminal.
Has the vulnerability been fixed?
Yes, the vulnerability has been fixed in version 1.3.6 of 1Panel.
How can I fix CVE-2023-36458?
To fix CVE-2023-36458, make sure to update your 1Panel installation to version 1.3.6 or later.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/author
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/fit2cloud
- canonical/fit2cloud 1panel