HIGH 7.5 Go
1Panel O&M management panel has a background arbitrary file reading vulnerability
GHSA-pv7q-v9mv-9mh5 · CVE-2023-39964 · GO-2023-2004
Description
Summary
Arbitrary file reads allow an attacker to read arbitrary important configuration files on the server.
Details
In the file api/v1/file.go there is a function named LoadFromFile, which reads a file directly from the requested path parameter (path). The request parameter is not filtered or validated, resulting in a background arbitrary file read vulnerability.
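The pattern described above, as an added illustration that is not 1Panel's code: a Go function that hands the request's path parameter straight to the file system, next to a hardened counterpart that confines every read to an allowed base directory, rejects absolute paths and ".." escapes, and re-checks after resolving symlinks. The function names, the base directory and the sample file are assumptions made for this example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a requested path is not confined to the base directory.
var ErrOutsideBase = errors.New("path is not confined to the allowed base directory")

// loadFromFileUnsafe mirrors the shape the advisory describes: the path taken from
// the request is used as-is, so any file the process can read is reachable.
// Hypothetical illustration, not 1Panel's LoadFromFile.
func loadFromFileUnsafe(reqPath string) ([]byte, error) {
	return os.ReadFile(reqPath)
}

// safeJoin resolves reqPath beneath base and returns the real path, or
// ErrOutsideBase when the request would leave base. Rejecting (rather than
// silently normalising) keeps the attempt visible to logging and detection.
func safeJoin(base, reqPath string) (string, error) {
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	// Callers are expected to send paths relative to base; an absolute path is
	// refused outright instead of being reinterpreted.
	if filepath.IsAbs(reqPath) {
		return "", ErrOutsideBase
	}
	sep := string(filepath.Separator)

	// Lexical check: Join cleans the result, so "../" segments are collapsed and
	// anything that climbed above base no longer carries the base prefix.
	joined := filepath.Join(absBase, reqPath)
	if joined != absBase && !strings.HasPrefix(joined, absBase+sep) {
		return "", ErrOutsideBase
	}

	// Symlink check: a link inside base may point outside it, so resolve both the
	// candidate and the base and compare the real paths. A missing file surfaces
	// as the EvalSymlinks error.
	realPath, err := filepath.EvalSymlinks(joined)
	if err != nil {
		return "", err
	}
	realBase, err := filepath.EvalSymlinks(absBase)
	if err != nil {
		return "", err
	}
	if realPath != realBase && !strings.HasPrefix(realPath, realBase+sep) {
		return "", ErrOutsideBase
	}
	return realPath, nil
}

// loadFromFileSafe is the hardened counterpart: it only reads beneath base.
func loadFromFileSafe(base, reqPath string) ([]byte, error) {
	p, err := safeJoin(base, reqPath)
	if err != nil {
		return nil, err
	}
	return os.ReadFile(p)
}

func main() {
	// Constructed demo: a temporary base directory holding one config file.
	base, err := os.MkdirTemp("", "loadfile-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(base)
	if err := os.WriteFile(filepath.Join(base, "app.conf"), []byte("key=value\n"), 0o600); err != nil {
		panic(err)
	}

	for _, req := range []string{"app.conf", "../../../../etc/hostname", "/etc/hostname"} {
		_, err := loadFromFileSafe(base, req)
		fmt.Printf("safe   %-28q -> err=%v\n", req, err)
	}
	// The unvalidated variant reads the same traversal path without complaint
	// (whether it succeeds depends only on file permissions).
	_, err = loadFromFileUnsafe(filepath.Join(base, "../../../../etc/hostname"))
	fmt.Printf("unsafe traversal              -> err=%v\n", err)
}
```

The two checks are deliberately separate: the lexical check stops "..", the symlink check stops a link planted inside the base directory. Logging every ErrOutsideBase with the requesting identity gives the operations team a direct detection signal for probing of this endpoint.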
PoC
Request /api/v1/files/loadfile with /etc/passwd as the path to read, as shown below:
Impact
1Panel v1.4.3