Lucene search

K
cve[email protected]CVE-2023-36457
HistoryJul 05, 2023 - 9:15 p.m.

CVE-2023-36457

2023-07-0521:15:09
CWE-77
web.nvd.nist.gov
2464
1panel
linux
server
management
panel
cve-2023-36457
vulnerability
command injection

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.3%

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6.

Affected configurations

Vulners
NVD
Node
1panel-dev1panelRange<1.3.6

CNA Affected

[
  {
    "vendor": "1Panel-dev",
    "product": "1Panel",
    "versions": [
      {
        "version": "< 1.3.6",
        "status": "affected"
      }
    ]
  }
]

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.3%