Wanghe-Fit2Cloud

**Name of the Vulnerable Software and Affected Versions** 1Panel versions prior to 1.10.3-lts **Description** The issue is related to the password verification in the source code of 1Panel, which uses the != symbol instead of `hmac.Equal`. This may lead to a timing attack vulnerability, potentially allowing an attacker to crack passwords. All users of this product are affected. **Recommendations** For versions prior to 1.10.3-lts, update to version 1.10.3-lts to fix the vulnerability. As a temporary workaround, consider modifying the password verification to use `hmac.Equal` instead of the != symbol until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** 1Panel versions prior to 1.10.1-lts **Description** 1Panel is an open source Linux server operation and maintenance management panel. Users can obtain unauthorized access to the console page by intercepting with Burp. The vulnerability allows access to the console page, although no data is returned and no modification operations can be performed. **Recommendations** To resolve the issue, upgrade to version 1.10.1-lts or later. As a temporary workaround, consider restricting access to the console page until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** 1Panel versions prior to 1.9.6 **Description** The HTTPS cookie that comes with the 1Panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue affects everyone who has configured the panel for HTTPS. **Recommendations** For versions prior to 1.9.6, update to version 1.9.6 to resolve the issue. As a temporary workaround, consider configuring HTTPS directly for the panel to minimize the risk of exploitation. Restrict access to the panel when using HTTP to prevent the cookie from being sent in plain text.

**Name of the Vulnerable Software and Affected Versions** 1Panel versions prior to 1.3.6 **Description** The issue is related to command injection when entering the container terminal in 1Panel, an open source Linux server operation and maintenance management panel. An authenticated attacker can craft malicious payloads to achieve this. The vulnerability allows a remote attacker to execute arbitrary commands. **Recommendations** For versions prior to 1.3.6, upgrade to version 1.3.6 to fix the vulnerability. As a temporary workaround, consider restricting access to the container terminal until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** 1Panel versions prior to 1.3.6 **Description** The issue is related to command injection when adding container repositories. An authenticated attacker can craft a malicious payload to achieve this. The vulnerability is due to the lack of proper neutralization of special elements used in the operating system command. This can allow a remote attacker to execute arbitrary commands. **Recommendations** For versions prior to 1.3.6, upgrade to version 1.3.6 to fix the vulnerability. As a temporary workaround, consider restricting access to the `backendappapiv1image repo.go#create` and `backendappserviceimage repo.go#CheckConn` functions until the patch is applied. Avoid using the `username` parameter in the affected API endpoint `/api/v1/containers/repo` until the issue is resolved.