GHSA-p9xf-74xh-mhw5

Advisory Details

### Summary
An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

### Details
1Panel firewall functionality `/hosts/firewall/ip` endpoint read user input without validation, the attacker extends the default functionality of the application, which execute system commands.

### PoC
the payload `; sleep 3 #` will lead server response in 3 seconds
![image](https://user-images.githubusercontent.com/4935500/252299676-bc4a8b92-e475-40ee-a92a-fec9fad7a6c3.png)

the payload `; sleep 6 #` will lead server response in 6 seconds
![image](https://user-images.githubusercontent.com/4935500/252299871-766cc411-69e5-4c6c-b4ff-7774fa974ea0.png)

### Impact
An attacker can execute arbitrary code on the target system, which can lead to a complete compromise of the system.

### Patches

The vulnerability has been fixed in v1.4.3.

### Workarounds

It is recommended to upgrade the version to v1.4.3.

### References

If you have any questions or comments about this advisory:

Open an issue in https://github.com/1Panel-dev/1Panel
Email us at [email protected]

Affected Packages

Go github.com/1Panel-dev/1Panel

Affected versions: 0 (fixed in 1.4.3)

Related CVEs

CVE-2023-37477

1Panel command injection vulnerability in Firewall ip functionality

Advisory Details

Affected Packages

Related CVEs

Key Information

Dataset