Advisories for Golang/Github.com/1Panel-Dev/1Panel package

2024

1Panel is vulnerable to command injection

1Panel is vulnerable to command injection. This vulnerability has been classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended …

1Panel open source panel project has an unauthorized vulnerability.

Impact The steps are as follows: Access https://IP:PORT/ in the browser, which prompts the user to access with a secure entry point. Use Burp to intercept: When opening the browser and entering the URL (allowing the first intercepted packet through Burp), the following is displayed: It is found that in this situation, we can access the console page (although no data is returned and no modification operations can be performed)." …

2023

Missing Authorization

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContentthat,It recieves JSON data sent by users in the form of a POST request. And the lack of parameter filtering allows for arbitrary file write operations. Version 1.5.0 contains a patch for this …

Incorrect Authorization

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely download the file content on the target system. This may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue.

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, arbitrary file reads allow an attacker to read arbitrary important configuration files on the server. In the api/v1/file.go file, there is a function called LoadFromFile, which directly reads the file by obtaining the requested path parameter[path]. The request parameters are not filtered, resulting in a background arbitrary file reading vulnerability. Version 1.5.0 has a patch …

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

1Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 1Panel firewall functionality /hosts/firewall/ip endpoint read user input without validation, the attacker extends the default functionality of the application, which execute system commands. An attacker can …