CVE-2024-34352

Name of the Vulnerable Software and Affected Versions 1Panel versions prior to 1.10.3-lts

Description The issue is related to command injections in the project that are not well filtered, leading to arbitrary file writes and ultimately to remote code executions (RCEs). The mirror configuration write symbol > can be used to achieve arbitrary file writing. This can be exploited by sending a maliciously crafted packet to write to an arbitrary file, potentially leading to a host takeover. The vulnerability can be exploited through the "/api/v1/containers/search/log" API endpoint, allowing an attacker to write customized files, such as ssh keys, and execute any command.

Recommendations For versions prior to 1.10.3-lts, update to version 1.10.3-lts to fix the vulnerability. As a temporary workaround, consider restricting access to the "/api/v1/containers/search/log" API endpoint to minimize the risk of exploitation. Additionally, avoid using the mirror configuration write symbol > until the issue is resolved.