Home > Vulnerability Database > CVE-2023-39965

Mend.io Vulnerability Database

CVE-2023-39965

Good to know:

Date: August 10, 2023

1Panel is an open source Linux server operation and maintenance management panel. In version 1.4.3, authenticated attackers can download arbitrary files through the API interface. This code has unauthorized access. Attackers can freely download the file content on the target system. This may cause a large amount of information leakage. Version 1.5.0 has a patch for this issue.

Language: Go

Severity Score

4.3

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-39965

Url: https://github.com/1Panel-dev/1Panel/releases/tag/v1.5.0

Url: https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-85cf-gj29-f555

Url: https://www.mend.io/vulnerability-database/CVE-2023-39965

Severity Score

4.3

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version v1.5.0

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-39965

Good to know:

Date: August 10, 2023

Language: Go

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?