Lucene search

K
githubGitHub Advisory DatabaseGHSA-QQ22-JJ8X-4WWV
HistoryMay 03, 2024 - 8:29 p.m.

Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull

2024-05-0320:29:59
CWE-284
CWE-441
GitHub Advisory Database
github.com
8
pterodactyl wings
ssrf
server-side request forgery
remote file pull
access control
local networks
workarounds
latest version
software update

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

Impact

An authenticated user who has access to a game server is able to bypass the previously implemented access control (https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible.

Workarounds

Enabling the api.disable_remote_download option or updating to the latest version of Wings are the only known workarounds.

Patches

https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8

Affected configurations

Vulners
Node
github_advisory_databasegithub.com\/pterodactyl\/wingsRange<1.11.12
CPENameOperatorVersion
github.com/pterodactyl/wingslt1.11.12

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.5%

Related for GHSA-QQ22-JJ8X-4WWV