Lucene search

[email protected]NVD:CVE-2023-39966

HistoryAug 10, 2023 - 6:15 p.m.

CVE-2023-39966

2023-08-1018:15:11

CWE-862

[email protected]

web.nvd.nist.gov

cve-2023-39966

linux server

file write vulnerability

server control

api security

json data

parameter filtering

patch

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

61.0%

JSON

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.

Affected configurations

Nvd

Node

fit2cloud1panelMatch1.4.3

VendorProductVersionCPE
fit2cloud1panel1.4.3cpe:2.3:a:fit2cloud:1panel:1.4.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fit2cloud	1panel	1.4.3	cpe:2.3:a:fit2cloud:1panel:1.4.3:::::::*

References

github.com/1Panel-dev/1Panel/releases/tag/v1.5.0

github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

61.0%

JSON

Related for NVD:CVE-2023-39966

veracode1 github1 osv3 cve1 prion1 cvelist1 gitlab1