Source: gitlab (https://gitlab.com/gitlab-org/security-products/gemnasium-db)
ID: GITLAB-CB543467C94AE7DB900CA5313224AB5A
Published: May 09, 2024 - 12:00 a.m.

1Panel arbitrary file write vulnerability

2024-05-09 00:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
5
command injections
arbitrary file write
rce
mirror configuration
software

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score: 7
Confidence: High

The project contains many command injection points, and some of them are not filtered well enough, which leads to arbitrary file writes and ultimately to RCE.
The following mirror configuration uses the shell write symbol > to achieve an arbitrary file write.
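
A defensive sketch of the fix pattern for this class of bug, added here as an example and not taken from the advisory or from 1Panel's code: validate each mirror value as a plain http(s) URL, reject shell metacharacters such as >, and build the configuration file in-process instead of on a shell command line. The function names, the "mirrors" key and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// shellMeta lists characters a shell would interpret. This (hypothetical)
// policy is deliberately strict: it also rejects '?' and '#'.
const shellMeta = " \t\r\n><|&;$`\\\"'(){}*?!#"

// ValidateMirror accepts only http(s) URLs with a host, no credentials and
// no shell metacharacters.
func ValidateMirror(raw string) error {
	if raw == "" || strings.ContainsAny(raw, shellMeta) {
		return errors.New("mirror contains forbidden characters")
	}
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("mirror is not a URL: %w", err)
	}
	if (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" || u.User != nil {
		return errors.New("mirror must be http(s)://host[/path]")
	}
	return nil
}

// RenderMirrorConfig validates every entry and returns the JSON document.
// The caller writes it with os.WriteFile, never through a shell, so the
// values are only ever data. The "mirrors" key is a placeholder.
func RenderMirrorConfig(mirrors []string) ([]byte, error) {
	for _, m := range mirrors {
		if err := ValidateMirror(m); err != nil {
			return nil, fmt.Errorf("%q: %w", m, err)
		}
	}
	return json.MarshalIndent(map[string][]string{"mirrors": mirrors}, "", "  ")
}

func main() {
	// Constructed sample inputs: one ordinary mirror, one carrying a redirection.
	samples := []string{"https://mirror.example.com", "https://mirror.example.com > /tmp/constructed"}
	for _, m := range samples {
		fmt.Printf("%-50q accepted=%v\n", m, ValidateMirror(m) == nil)
	}
}
```
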

Affected configurations

Node: Vendor: go, Product: 1panel, Range: < 1.10.3-lts
Vendor: go, Product: 1panel, Version: *, CPE: cpe:2.3:a:go:1panel:*:*:*:*:*:*:*:*
