CVE-2023-39965: Incorrect Authorization

August 10, 2023

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely download the file content on the target system. This may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue.

References

github.com/1Panel-dev/1Panel/releases/tag/v1.5.0
github.com/1Panel-dev/1Panel/security/advisories/GHSA-85cf-gj29-f555
github.com/advisories/GHSA-85cf-gj29-f555
nvd.nist.gov/vuln/detail/CVE-2023-39965

Detect and mitigate CVE-2023-39965 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →