Lucene search

GoogleOSV:GO-2024-2815

HistoryJun 10, 2024 - 4:39 p.m.

Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings

2024-06-1016:39:03

Google

osv.dev

pterodactyl wings

ssrf

remote file pull

github

vulnerability

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

AI Score

6.8

Confidence

Low

EPSS

Percentile

15.5%

JSON

Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings

References

github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8

github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv

github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv

nvd.nist.gov/vuln/detail/CVE-2024-34068

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

AI Score

6.8

Confidence

Low

EPSS

Percentile

15.5%

JSON

Related for OSV:GO-2024-2815