Skip to main content

Wings CVE-2024-34066

HIGH
Files or Directories Accessible to External Parties (CWE-552)
2024-05-03 security-advisories@github.com
8.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.4 HIGH
AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 03, 2024 - 18:15 nvd
HIGH 8.4

DescriptionNVD

Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue has been addressed in version 1.11.12 and users are advised to upgrade. Users unable to upgrade may enable the ignore_panel_config_updates option as a workaround.

AnalysisAI

Pterodactyl wings is the server control plane for Pterodactyl Panel. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-552. Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue has been addressed in version 1.11.12 and users are advised to upgrade. Users unable to upgrade may enable the ignore_panel_config_updates option as a workaround. Affected products include: Pterodactyl Wings. Version information: version 1.11.12.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2024-34066 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy