What is CVE-2023-39966?

CVE-2023-39966 is a high-severity vulnerability in 1panel-dev 1panel, classified under Missing Authorization. CVSS score: 7.5/10. Published 2023-08-10.

How severe is CVE-2023-39966?

High severity. CVSS v3 base score is 7.5 out of 10.

Auth bypass in 1panel-dev 1panel

CVE-2023-39966

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, an arbitrary file write vulnerability could lead to direct control of the server. In the `api/v1/file.go` file, there is a function called…

Vulnerability class: Broken Access Control

EPSS: 0.002 (46.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N.

Affected products

1panel-dev 1panel — versions = 1.4.3

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-hf7j-xj3w-87g4 (x_refsource_CONFIRM)
https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-39966?: CVE-2023-39966 is a high-severity vulnerability in 1panel-dev 1panel, classified under Missing Authorization. CVSS score: 7.5/10. Published 2023-08-10.
How severe is CVE-2023-39966?: High severity. CVSS v3 base score is 7.5 out of 10.