First published: Thu Aug 10 2023(Updated: )
### Summary Any file downloading vulnerability exists in 1Panel backend. ### Details Authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. ![image](https://user-images.githubusercontent.com/116613486/257246024-d0e35800-5fd8-4907-8b1b-504afaad859e.png) ### PoC payload: POST /api/v1/files/download/bypath HTTP/1.1 Host: ip Content-Type: application/json {"path":"/etc/passwd"} ![f77959349e96543436eea18283fa75c](https://user-images.githubusercontent.com/116613486/257245459-13f2f31b-fcfe-4a27-ba52-e2f1e5d4d749.png) ### Impact Attackers can freely download the file content on the target system. This will be caused a large amount of information leakage.
Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fit2cloud 1panel | =1.4.3 | |
go/github.com/1Panel-dev/1Panel | =1.4.3 | 1.5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-39965 is a vulnerability in 1Panel backend that allows authenticated attackers to download arbitrary files through the API interface.
CVE-2023-39965 has a severity rating of 6.5, which is considered medium.
Authenticated attackers can exploit CVE-2023-39965 by utilizing unauthorized access to download arbitrary files through the API interface of 1Panel.
The affected software version of 1Panel is 1.4.3.
To fix CVE-2023-39965, you need to update 1Panel to version 1.5.0 or higher.