CVE-2023-39965

MEDIUM6.5EPSS 0.11%

1Panel Arbitrary File Download vulnerability

發布日:2023/8/10修改日:2024/8/21

也稱為:GHSA-85cf-gj29-f555GO-2023-2005

描述

### Summary Any file downloading vulnerability exists in 1Panel backend. ### Details Authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. ![image](https://user-images.githubusercontent.com/116613486/257246024-d0e35800-5fd8-4907-8b1b-504afaad859e.png) ### PoC payload: POST /api/v1/files/download/bypath HTTP/1.1 Host: ip Content-Type: application/json {"path":"/etc/passwd"} ![f77959349e96543436eea18283fa75c](https://user-images.githubusercontent.com/116613486/257245459-13f2f31b-fcfe-4a27-ba52-e2f1e5d4d749.png) ### Impact Attackers can freely download the file content on the target system. This will be caused a large amount of information leakage.

受影響套件(2)

Go/github.com/1Panel-dev/1Panel>= 1.4.3, < 1.5.0
Go/github.com/1Panel-dev/1Panel>= 1.4.3, < 1.5.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

描述

受影響套件(2)

CVSS 分數

參考連結(4)