CVE-2023-36458 MEDIUM

CVE-2023-36458: 1Panel vulnerable to ommand injection when entering the container terminal

Vendor 1Panel-Dev
Product 1Panel
Weakness CWE-77
Published July 5, 2023
Last update October 18, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payloads to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6.

Key dates

02Disclosure timeline

July 5, 2023 CVE published
October 18, 2024 Record updated