Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-2F46F1AECC4BDEDFEFB45353D2852C13

HistoryJul 05, 2023 - 12:00 a.m.

Improper Neutralization of Special Elements used in a Command ('Command Injection')

2023-07-0500:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

linux

server

command injection

open source

vulnerability

software

terminal

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

25.3%

JSON

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payloads to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6.

Affected configurations

Vulners

Node

go1panelRange<v1.3.6

CPENameOperatorVersion
go/github.com/1panel-dev/1panelltv1.3.6

CPE	Name	Operator	Version
	go/github.com/1panel-dev/1panel	lt	v1.3.6

References

github.com/1Panel-dev/1Panel/releases/tag/v1.3.6

github.com/1Panel-dev/1Panel/security/advisories/GHSA-7x2c-fgx6-xf9h

github.com/advisories/GHSA-7x2c-fgx6-xf9h

nvd.nist.gov/vuln/detail/CVE-2023-36458

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

25.3%

JSON

Related for GITLAB-2F46F1AECC4BDEDFEFB45353D2852C13