Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:46760
HistoryMay 06, 2024 - 7:51 a.m.

Access Control Bypass

2024-05-0607:51:33
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
access control bypass
improper access controls
pull endpoint
authenticated users
local networks
vulnerable software

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

github.com/pterodactyl/wings is vulnerable to Access Control Bypass. The vulnerability is due to improper access controls within the pull endpoint, allowing authenticated users to evade restrictions and potentially access resources on local networks.

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

Related for VERACODE:46760