EUVD-2024-1751

Malicious code in bioql PyPI...

GO-2024-2815 Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings

Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings...

GO-2024-2692 Pebble service manager's file pull API allows access by any user in github.com/canonical/pebble

Pebble service manager's file pull API allows access by any user in github.com/canonical/pebble...

Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull

Impact An authenticated user who has access to a game server is able to bypass the previously implemented access control https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This wou...

CVE-2024-34068 Server-side Request Forgery during remote file pull in Pterodactyl wings

Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control GHSA-6rg3-8h8x-5xfv that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. Thi...

CVE-2024-34068 Server-side Request Forgery during remote file pull in Pterodactyl wings

Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control GHSA-6rg3-8h8x-5xfv that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. Thi...

GHSA-4685-2X5R-65PJ Pebble service manager's file pull API allows access by any user

Impact Note: "Pebble" here refers to Canonical's service manager, not the Let's Encrypt ACME test server. The API behind pebble pull, used to read files from the workload container by Juju charms, allows access from any user, instead of just admin. In Juju Kubernetes sidecar charms, Pebble and th...

Duplicate Advisory: Pebble service manager's file pull API allows access by any user

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4685-2x5r-65pj. This link is maintained to preserve external references. Original Description It was discovered that Pebble's read-file API and the associated pebble pull command, before v1.10.2, allowed...

GHSA-65PC-76PQ-PVF5 Duplicate Advisory: Pebble service manager's file pull API allows access by any user

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4685-2x5r-65pj. This link is maintained to preserve external references. Original Description It was discovered that Pebble's read-file API and the associated pebble pull command, before v1.10.2, allowed...