CVE-2023-39966

Name of the Vulnerable Software and Affected Versions 1Panel versions 1.4.3

Description An arbitrary file write vulnerability could lead to direct control of the server. In the api/v1/file.go file, there is a function called SaveContentthat,It that receives JSON data sent by users in the form of a POST request. The lack of parameter filtering allows for arbitrary file write operations. This issue can be exploited by writing the SSH public key into the /etc/.root/authorized keys configuration file on the server, allowing for direct control of the server.

Recommendations For version 1.4.3, update to version 1.5.0 to resolve the issue. As a temporary workaround, consider restricting access to the api/v1/file.go file or disabling the SaveContentthat,It function until a patch is applied. Avoid using the vulnerable API endpoint until the issue is resolved.