CloudPanel file-manager Auth bypass (CVE-2023-35885)
Description
CloudPanel versions prior to 2.3.1 contain an authentication bypass vulnerability (CVE-2023-35885) in the file-manager component. Attackers can exploit this flaw by sending specially crafted HTTP requests that circumvent authentication mechanisms, gaining unauthorized access to the file management interface without valid credentials. This vulnerability allows complete bypass of the application's authentication layer, exposing sensitive file operations to unauthenticated users.
Remediation
Immediately upgrade CloudPanel to version 2.3.1 or later, which addresses this authentication bypass vulnerability. Follow these steps:
1. Back up your current CloudPanel configuration and data
2. Review CloudPanel's official release notes and upgrade documentation
3. Update CloudPanel using the official upgrade procedure for your installation method
4. After upgrading, verify the version number in the CloudPanel dashboard
5. Review access logs for any suspicious file-manager access attempts prior to patching
6. If immediate patching is not possible, restrict network access to the CloudPanel interface using firewall rules or IP whitelisting as a temporary mitigation measure
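
For the log review in step 5, one way to triage a web access log is sketched below. This is an added example, not part of the original advisory or CloudPanel's own tooling. It assumes the log is in Combined Log Format, that file-manager requests can be recognised by the string "file-manager" in the request path, and that you supply your own patch time and list of known administrator addresses; the sample log lines, addresses, and the `EXAMPLE-PATH` placeholder are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumption: Combined Log Format (client, identity, user, [time], "request", status, ...).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def suspicious_file_manager_hits(lines, patched_at, admin_ips, marker="file-manager"):
    """Return {ip: [(timestamp, method, path, status), ...]} for pre-patch
    file-manager requests that returned 2xx to a non-administrator address."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse instead of failing the run
        ts = datetime.strptime(m["ts"], TS_FMT)
        status = int(m["status"])
        if (marker in m["path"].lower() and ts < patched_at
                and 200 <= status < 300 and m["ip"] not in admin_ips):
            hits[m["ip"]].append((ts, m["method"], m["path"], status))
    return dict(hits)

# Constructed sample data; EXAMPLE-PATH is a placeholder, not a real CloudPanel route.
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jun/2023:03:14:07 +0000] "POST /file-manager/EXAMPLE-PATH HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [18/Jun/2023:03:14:09 +0000] "GET /file-manager/EXAMPLE-PATH HTTP/1.1" 200 1024 "-" "-"',
    '198.51.100.10 - - [18/Jun/2023:09:00:00 +0000] "GET /file-manager/EXAMPLE-PATH HTTP/1.1" 200 2048 "-" "-"',
    '192.0.2.44 - - [18/Jun/2023:10:00:00 +0000] "GET /file-manager/EXAMPLE-PATH HTTP/1.1" 302 0 "-" "-"',
    '203.0.113.7 - - [21/Jun/2023:08:00:00 +0000] "GET /file-manager/EXAMPLE-PATH HTTP/1.1" 200 1024 "-" "-"',
]
PATCHED_AT = datetime.strptime("20/Jun/2023:12:00:00 +0000", TS_FMT)  # constructed
ADMIN_IPS = {"198.51.100.10"}  # constructed: addresses you expect to use the panel

if __name__ == "__main__":
    for ip, reqs in suspicious_file_manager_hits(SAMPLE_LOG, PATCHED_AT, ADMIN_IPS).items():
        print(f"{ip}: {len(reqs)} successful file-manager request(s) before patching")
        for ts, method, path, status in reqs:
            print(f"  {ts.isoformat()} {method} {path} -> {status}")
```

Any address this reports warrants a closer look at what was read or written through the file manager during the listed requests.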