Lucene search
Veracode Vulnerability DatabaseVERACODE:41128HistoryJul 06, 2023 - 7:35 a.m.
Command Injection
2023-07-0607:35:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
command injection
vulnerability
containerwsssh
terminal.go
malicious payloads
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
25.1%
github.com/1panel-dev/1panel is vulnerable to Command Injections. The vulnerability exists in ContainerWsSsh function at terminal.go when entering the container terminal which allows an attacker to craft malicious payloads and perform injections.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/1panel-dev/1panel | le | v1.3.5 | |
| github.com/1panel-dev/1panel | le | v1.3.5 |
Related
nvd
nvd
CVE-2023-36458
2023-07-05 21:15:09
cvelist
cvelist
prion
prion
Command injection
2023-07-05 21:15:00
gitlab
gitlab
osv
osv
1Panel vulnerable to command injection when entering the container terminal
2023-07-05 21:38:53
CVE-2023-36458
2023-07-05 21:15:09
github
github
1Panel vulnerable to command injection when entering the container terminal
2023-07-05 21:38:53
cve
cve
CVE-2023-36458
2023-07-05 21:15:09
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
25.1%
Related for VERACODE:41128