CVE-2023-39965 MEDIUM

CVE-2023-39965: 1Panel Unauthorized access in Backend

Vendor 1Panel-Dev
Product 1Panel
Weakness CWE-863 · Incorrect authorization
Published August 10, 2023
Last update October 4, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. The affected code permits unauthorized access, so attackers can freely download file contents from the target system. This may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue.

Key dates

02 Disclosure timeline

August 10, 2023 CVE published
October 4, 2024 Record updated