What is CVE-2023-39965?

CVE-2023-39965 is a medium-severity vulnerability in 1panel-dev 1panel, classified under Incorrect Authorization. CVSS score: 6.5/10. Published 2023-08-10.

How severe is CVE-2023-39965?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Auth bypass in 1panel-dev 1panel

CVE-2023-39965

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely dow…

Vulnerability class: Broken Access Control

EPSS: 0.001 (29.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L.

Affected products

1panel-dev 1panel — versions = 1.4.3

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-85cf-gj29-f555 (x_refsource_CONFIRM)
https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-39965?: CVE-2023-39965 is a medium-severity vulnerability in 1panel-dev 1panel, classified under Incorrect Authorization. CVSS score: 6.5/10. Published 2023-08-10.
How severe is CVE-2023-39965?: Medium severity. CVSS v3 base score is 6.5 out of 10.