CVE-2024-34352: 1Panel arbitrary file write vulnerability
The project contains many command injections, and some of them are not well filtered. This leads to arbitrary file writes and ultimately to remote code execution (RCE).
We can use the mirror configuration with the write symbol `>` to achieve arbitrary file writing.
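An added example, not 1Panel's code or its fix: one way to handle mirror entries so that a `>` or any other shell metacharacter never reaches a command line. The function names and the `mirrors` JSON key are assumptions, and the sample inputs are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
	"regexp"
)

// safeMirror is a strict allow-list: scheme, host, optional port and path only.
// Shell metacharacters such as > ; | & $ ` and whitespace can never match.
var safeMirror = regexp.MustCompile(`^https?://[A-Za-z0-9.-]+(:[0-9]{1,5})?(/[A-Za-z0-9._/-]*)?$`)

// ValidateMirror rejects any mirror entry that is not a plain http(s) URL.
func ValidateMirror(m string) error {
	if !safeMirror.MatchString(m) {
		return errors.New("mirror contains characters outside the allow-list")
	}
	u, err := url.Parse(m)
	if err != nil || u.Host == "" {
		return errors.New("mirror is not a valid URL")
	}
	return nil
}

// RenderMirrorConfig validates every entry and serializes the list as JSON.
// The caller writes the bytes with os.WriteFile to a fixed path, so no shell
// command line is ever built from user input.
func RenderMirrorConfig(mirrors []string) ([]byte, error) {
	for _, m := range mirrors {
		if err := ValidateMirror(m); err != nil {
			return nil, fmt.Errorf("%q: %w", m, err)
		}
	}
	// "mirrors" is a hypothetical key chosen for this example.
	return json.Marshal(map[string][]string{"mirrors": mirrors})
}

func main() {
	// Constructed sample inputs: one plain URL, one carrying a redirection.
	for _, m := range []string{
		"https://mirror.example.com",
		"https://mirror.example.com > out.txt",
	} {
		fmt.Printf("%-42q err=%v\n", m, ValidateMirror(m))
	}
}
```

Validation alone is the weaker half of the fix; writing the file through a file API instead of a shell redirection removes the injection point itself.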