CVE-2024-34066

EPSS 0.54%
Veröffentlicht 03.05.2024 18:15:09
Zuletzt bearbeitet 21.02.2025 15:15:38
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Arbitrary File Write/Read in Pterodactyl wings

Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue has been addressed in version 1.11.12 and users are advised to upgrade. Users unable to upgrade may enable the `ignore_panel_config_updates` option as a workaround.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pterodactyl ≫ Wings Version < 1.11.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.54%	0.413

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.4	1.7	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
security-advisories@github.com	8.4	1.7	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://github.com/pterodactyl/wings/commit/5415f8ae07f533623bd8169836dd7e0b933964de

Patch

https://github.com/pterodactyl/wings/security/advisories/GHSA-gqmf-jqgv-v8fw

Patch

Vendor Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2024-34066

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-34066

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-34066

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-34066