CVE-2023-39965
MEDIUM
1Panel 1.4.3-<1.5.0 - Authenticated Arbitrary File Read via API Interface
Title source: llm
Description
1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. The affected code permits unauthorized access, so attackers can freely download file content from the target system, which may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue.
References (2)
Core References
Exploit, Vendor Advisory x_refsource_confirm
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-85cf-gj29-f555
Product, Release Notes x_refsource_misc
https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0
Scores
CVSS v3
6.5
EPSS
0.0038
EPSS Percentile
29.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-863
Status
published
Products (2)
1Panel-dev/1Panel
1.4.3 - 1.5.0
Go
fit2cloud/1panel
1.4.3
Published
Aug 10, 2023
Tracked Since
Feb 18, 2026