CVE-2023-37477 – github.com/1panel-dev/1panel

Package

Manager: go
Name: github.com/1panel-dev/1panel
Vulnerable Version: >=0 <1.4.3

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00575 pctl0.67795

Details

1Panel command injection vulnerability in Firewall ip functionality ### Summary An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. ### Details 1Panel firewall functionality `/hosts/firewall/ip` endpoint read user input without validation, the attacker extends the default functionality of the application, which execute system commands. ### PoC the payload `; sleep 3 #` will lead server response in 3 seconds ![image](https://user-images.githubusercontent.com/4935500/252299676-bc4a8b92-e475-40ee-a92a-fec9fad7a6c3.png) the payload `; sleep 6 #` will lead server response in 6 seconds ![image](https://user-images.githubusercontent.com/4935500/252299871-766cc411-69e5-4c6c-b4ff-7774fa974ea0.png) ### Impact An attacker can execute arbitrary code on the target system, which can lead to a complete compromise of the system. ### Patches The vulnerability has been fixed in v1.4.3. ### Workarounds It is recommended to upgrade the version to v1.4.3. ### References If you have any questions or comments about this advisory: Open an issue in https://github.com/1Panel-dev/1Panel Email us at wanghe@fit2cloud.com

Metadata

Created: 2023-07-18T19:10:58Z
Modified: 2023-07-27T18:49:02Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-p9xf-74xh-mhw5/GHSA-p9xf-74xh-mhw5.json
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-p9xf-74xh-mhw5
Finding: F404
Auto approve: 1