Lucene search
K

146 matches found

osv
osv
added 2024/06/10 4:39 p.m.22 views

GO-2024-2815 Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings

Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull in github.com/pterodactyl/wings...

6.4CVSS6.3AI score0.00394EPSS
Exploits0References4
openvas
openvas
added 2024/06/07 12:0 a.m.7 views

Fedora: Security Advisory for rust-bat (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
osv
osv
added 2024/06/04 3:19 p.m.49 views

GO-2024-2642 Pterodactyl Wings vulnerable to improper isolation of server file access in github.com/pterodactyl/wings

Pterodactyl Wings vulnerable to improper isolation of server file access in github.com/pterodactyl/wings...

9.9CVSS9.1AI score0.0055EPSS
Exploits0References3
osv
osv
added 2024/05/03 8:29 p.m.15 views

GHSA-QQ22-JJ8X-4WWV Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull

Impact An authenticated user who has access to a game server is able to bypass the previously implemented access control https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This wou...

6.4CVSS6.2AI score0.00394EPSS
Exploits0References6
github
github
added 2024/05/03 8:29 p.m.22 views

Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull

Impact An authenticated user who has access to a game server is able to bypass the previously implemented access control https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This wou...

6.4CVSS6.8AI score0.00394EPSS
Exploits0References6Affected Software1
osv
osv
added 2024/05/03 8:28 p.m.15 views

GHSA-GQMF-JQGV-V8FW Pterodactyl Wings vulnerable to Arbitrary File Write/Read

Impact If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. Workarounds Enabling the ignorepanelconfigupdates option or updating to th...

8.4CVSS8.4AI score0.00544EPSS
Exploits0References4
github
github
added 2024/05/03 8:28 p.m.22 views

Pterodactyl Wings vulnerable to Arbitrary File Write/Read

Impact If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. Workarounds Enabling the ignorepanelconfigupdates option or updating to th...

8.4CVSS7.4AI score0.00544EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2024/05/03 6:15 p.m.13 views

CVE-2024-34066

Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue h...

8.4CVSS8.4AI score0.00544EPSS
Exploits0References2
osv
osv
added 2024/05/03 5:42 p.m.16 views

CVE-2024-34066 Arbitrary File Write/Read in Pterodactyl wings

Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue h...

8.4CVSS8.1AI score0.00544EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2024/05/03 5:42 p.m.18 views

CVE-2024-34066 Arbitrary File Write/Read in Pterodactyl wings

Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue h...

8.4CVSS8.4AI score0.00544EPSS
Exploits0References2
cve
cve
added 2024/05/03 5:42 p.m.64 views

CVE-2024-34066

The CVE-2024-34066 issue affects Pterodactyl Wings (github.com/pterodactyl/wings). If the Wings token is leaked (for example via node configuration exposure or accidental posting), an attacker can gain arbitrary file write and read access on the associated node. Root cause: leaked token enabling ...

8.4CVSS6.8AI score0.00544EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2024/05/03 5:42 p.m.18 views

CVE-2024-34066 Arbitrary File Write/Read in Pterodactyl wings

Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue h...

8.4CVSS8.6AI score0.00544EPSS
Exploits0References2
cvelist
cvelist
added 2024/05/03 5:34 p.m.25 views

CVE-2024-34068 Server-side Request Forgery during remote file pull in Pterodactyl wings

Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control GHSA-6rg3-8h8x-5xfv that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. Thi...

6.4CVSS6.5AI score0.00394EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2024/05/03 5:34 p.m.13 views

CVE-2024-34068 Server-side Request Forgery during remote file pull in Pterodactyl wings

Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control GHSA-6rg3-8h8x-5xfv that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. Thi...

6.4CVSS6.3AI score0.00394EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/05/03 12:0 a.m.5 views

Pterodactyl 跨站脚本漏洞

Pterodactyl is an open source game server administration panel built using PHP, Nodejs and Go. A cross-site scripting vulnerability exists in versions of Pterodactyl prior to 1.11.6, which stems from the fact that importing a malicious egg or gaining access to a wings instance may result in...

6.1CVSS5.8AI score0.00457EPSS
Exploits0References5
cnnvd
cnnvd
added 2024/05/03 12:0 a.m.3 views

Wings 安全漏洞

Wings is the server control interface for Pterodactyl Panel. A security vulnerability exists in Wings versions prior to 1.11.12, which stems from a Wings token that can be accidentally disclosed by viewing the node configuration, allowing an attacker to use it to gain write and read access to...

8.4CVSS8.2AI score0.00544EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2024/05/03 12:0 a.m.6 views

PT-2024-25677 · Pterodactyl · Pterodactyl Wings

Name of the Vulnerable Software and Affected Versions: Pterodactyl Wings versions prior to 1.11.12 Description: The issue allows an attacker to gain arbitrary file write and read access on a node if the Wings token is leaked, either by viewing the node configuration or posting it accidentally...

8.4CVSS7.4AI score0.00544EPSS
Exploits0References10
cnnvd
cnnvd
added 2024/05/03 12:0 a.m.6 views

Wings 代码问题漏洞

Wings is the server control interface for Pterodactyl Panel. A security vulnerability exists in versions of Wings prior to 1.11.12, which arises from the ability of a user with privileged access to the game server to bypass previously implemented access controls, allowing an attacker to access...

6.4CVSS6.2AI score0.00394EPSS
Exploits0References4
osv
osv
added 2024/03/15 4:48 p.m.23 views

GHSA-494H-9924-XWW9 Pterodactyl Wings vulnerable to improper isolation of server file access

Impact This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside of a server's base directory sandbox root is...

9.9CVSS9.2AI score0.0055EPSS
Exploits0References4
github
github
added 2024/03/15 4:48 p.m.26 views

Pterodactyl Wings vulnerable to improper isolation of server file access

Impact This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside of a server's base directory sandbox root is...

9.9CVSS7.1AI score0.0055EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder