CVE-2024-34352 — MEDIUM (6.5)

Q: How severe is CVE-2024-34352?

CVE-2024-34352 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-34352?

Check the references section above for vendor advisories and patch information. Affected products include: Fit2Cloud 1Panel.

Vulnerability Description

1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. The mirror configuration write symbol `>` can be used to achieve arbitrary file writing. This vulnerability is fixed in v1.10.3-lts.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Fit2Cloud	1Panel	< 1.10.3-lts

Related Weaknesses (CWE)

CWE-77

References

https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-f8ch-w75v-c847ExploitVendor Advisory
https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-f8ch-w75v-c847ExploitVendor Advisory

FAQ

What is CVE-2024-34352?

CVE-2024-34352 is a vulnerability with a CVSS score of 6.5 (MEDIUM). 1Panel is an open source Linux server operation and maintenance management panel. Prior to v1.10.3-lts, there are many command injections in the project, and some of them are not well filtered, leadi...

How severe is CVE-2024-34352?

CVE-2024-34352 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-34352?

Check the references section above for vendor advisories and patch information. Affected products include: Fit2Cloud 1Panel.