CVE-2023-39966 - Vulnerability Details - OpenCVE

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00185.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Fit2cloud	1panel

Configuration 1 [-]

cpe:2.3:a:fit2cloud:1panel:1.4.3:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-2301	1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue.
Github GHSA	GHSA-hf7j-xj3w-87g4	1Panel arbitrary file write vulnerability

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4

History

Mon, 07 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-08-10T17:46:21.104Z

Updated: 2024-10-04T18:56:18.054Z

Reserved: 2023-08-07T16:27:27.077Z

Link: CVE-2023-39966

Vulnrichment

Updated: 2024-08-02T18:18:10.194Z

NVD

Status : Modified

Published: 2023-08-10T18:15:11.550

Modified: 2024-11-21T08:16:08.343

Link: CVE-2023-39966

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-39966", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-07T16:27:27.077Z", "datePublished": "2023-08-10T17:46:21.104Z", "dateUpdated": "2024-10-04T18:56:18.054Z"}, "containers": {"cna": {"title": "1Panel arbitrary file write vulnerability exists in the background", "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "lang": "en", "description": "CWE-862: Missing Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4"}, {"name": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0", "tags": ["x_refsource_MISC"], "url": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0"}], "affected": [{"vendor": "1Panel-dev", "product": "1Panel", "versions": [{"version": "= 1.4.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-08-10T17:46:21.104Z"}, "descriptions": [{"lang": "en", "value": "1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue."}], "source": {"advisory": "GHSA-hf7j-xj3w-87g4", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:18:10.194Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4"}, {"name": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0"}]}, {"affected": [{"vendor": "fit2cloud", "product": "1panel", "cpes": ["cpe:2.3:a:fit2cloud:1panel:1.4.3:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.4.3", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-04T18:15:22.442783Z", "id": "CVE-2023-39966", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-04T18:56:18.054Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4", "name": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0", "name": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:18:10.194Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-39966", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-04T18:15:22.442783Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:fit2cloud:1panel:1.4.3:*:*:*:*:*:*:*"], "vendor": "fit2cloud", "product": "1panel", "versions": [{"status": "affected", "version": "1.4.3"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-04T18:56:11.801Z"}}], "cna": {"title": "1Panel arbitrary file write vulnerability exists in the background", "source": {"advisory": "GHSA-hf7j-xj3w-87g4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "1Panel-dev", "product": "1Panel", "versions": [{"status": "affected", "version": "= 1.4.3"}]}], "references": [{"url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4", "name": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0", "name": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862: Missing Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-08-10T17:46:21.104Z"}}}, "cveMetadata": {"cveId": "CVE-2023-39966", "state": "PUBLISHED", "dateUpdated": "2024-10-04T18:56:18.054Z", "dateReserved": "2023-08-07T16:27:27.077Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-08-10T17:46:21.104Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fit2cloud:1panel:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "9FB1DBC8-57BC-4F73-AB3E-E87FABCFDBCF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called `SaveContentthat,It `recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this issue."}, {"lang": "es", "value": "1Panel es un panel de gesti\u00f3n de operaci\u00f3n y mantenimiento de servidores Linux de c\u00f3digo abierto. En la versi\u00f3n 1.4.3, una vulnerabilidad de escritura de archivos arbitraria podr\u00eda llevar al control directo del servidor. En el archivo `api/v1/file.go`, hay una funci\u00f3n llamada `SaveContent que `recibe datos JSON enviados por los usuarios en forma de solicitud POST. Y la falta de filtrado de par\u00e1metros permite operaciones de escritura de archivos arbitrarias. La versi\u00f3n 1.5.0 contiene un parche para este problema."}], "id": "CVE-2023-39966", "lastModified": "2024-11-21T08:16:08.343", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-10T18:15:11.550", "references": [{"source": "security-advisories@github.com", "tags": ["Product", "Release Notes"], "url": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product", "Release Notes"], "url": "https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security-advisories@github.com", "type": "Secondary"}]}