Update 0.3.5.md

Stefan Pejcic 2024-11-07 18:15:59 +01:00 committed by GitHub
parent a181c1af6c
commit 00732e9778
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -23,3 +23,14 @@ Not yet released.
- `opencli user-login` will now display list of users to select and autocomplete username.
- Optimized `openpanel/openpanel:latest` docker image.
- `git` and `apparmor` are now installed automatically on Debian12.
### ️🚨 Security fixes
- *Insecure Permission Modification via Fix Permission Function* vulnerability in 'OpenPanel > Files > Fix Permissions' allowed an attacker to access other files outside of the `/home/username/` directory within the user's container.
- *Remote Code Execution via Fix Permission* vulnerability in 'OpenPanel > Files > Fix Permissions' allowed an attacker to execute commands inside the OpenPanel UI container which is accessible to all users.
- *Remote Code Execution via Change Time Zone* vulnerability in 'OpenPanel > Server > Change TimeZone' allowed an attacker to execute commands inside the OpenPanel UI container which is accessible to all users.
- *Unauthorized File Access via Copy Function* vulnerability in 'copy' function on the 'OpenPanel > File Manager' page allowed an attacker to access files from the OpenPanel UI container.
- *Unauthorized File Access via Compress Function* vulnerability in 'compress' function on the 'OpenPanel > File Manager' page allowed an attacker to compress files from the OpenPanel UI container.
- *Unauthorized File Access* vulnerability in the url parsing on 'OpenPanel > File Manager' page allowed an attacker to access files from the OpenPanel UI container.
- *Unauthorized File Access via Download Function* vulnerability in 'download' function on the 'OpenPanel > File Manager' page allowed an attacker to download files from the OpenPanel UI container.
- *Unauthorized File Access via View Function* path traversal vulnerability in 'view file' function on the 'OpenPanel > File Manager' page allowed an attacker to manipulate the file path and view files from the OpenPanel UI container.
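Review bot: The eight entries added under `### ️🚨 Security fixes` describe the affected page and the impact, but none carries an advisory or CVE reference or says which releases are affected, so an operator reading this changelog cannot tell whether an installed version is exposed or what to check after upgrading. Consider adding a reference per entry, or one line under the heading stating the affected version range and that upgrading to this release is the fix. Two wording points in the same block: the time zone entry uses both 'Change Time Zone' and 'Change TimeZone', and in the two Remote Code Execution entries "which is accessible to all users" can be read as describing either the commands or the OpenPanel UI container; saying that the container is shared by all users would remove the ambiguity. The url parsing entry is also the only one without a "via ..." name, and only the last entry names its bug class (path traversal); naming the class for the copy, compress and download entries as well would help readers judge whether they share a root cause.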