Description
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely download the file content on the target system. This may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue.
References
https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-85cf-gj29-f555
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2023-08-10T18:15:11.213
1 year agoLast modified
2023-09-08T16:56:15.427
1 year ago