CVE-2024-34352

Опубликовано: 14 мая 2024

Источник: nvd

CVSS3: 6.5

CVSS3: 7.5

EPSS Низкий

Описание

1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol > can be used to achieve arbitrary file writing. This vulnerability is fixed in v1.10.3-lts.

Ссылки

https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-f8ch-w75v-c847
Exploit
Vendor Advisory
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-f8ch-w75v-c847
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fit2cloud:1panel:*:*:*:*:*:*:*:*

Версия до 1.10.3-lts (исключая)

EPSS

Процентиль: 85%

0.0244

Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-f8ch-w75v-c847

CVSS3: 6.5

github

больше 1 года назад

1Panel arbitrary file write vulnerability

EPSS

Процентиль: 85%

0.0244

Низкий

6.5 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-77