Wings
CVE-2024-34066
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue has been addressed in version 1.11.12 and users are advised to upgrade. Users unable to upgrade may enable the ignore_panel_config_updates option as a workaround.
AnalysisAI
Pterodactyl wings is the server control plane for Pterodactyl Panel. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-552. Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue has been addressed in version 1.11.12 and users are advised to upgrade. Users unable to upgrade may enable the ignore_panel_config_updates option as a workaround. Affected products include: Pterodactyl Wings. Version information: version 1.11.12.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Wings for Pterodactyl versions 1.7.0 through 1.11.x fail to respect SQLite's maximum parameter limit when deleting activ
Wings is the server control plane for Pterodactyl Panel. Rated high severity (CVSS 8.8), this vulnerability is remotely
Wings is Pterodactyl's server control plane. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable,
Wings is the server control plane for Pterodactyl Panel. Rated high severity (CVSS 8.5), this vulnerability is remotely
Wings is Pterodactyl's server control plane. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable.
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.
Wings is the control plane software for the open source Pterodactyl game management system. Rated medium severity (CVSS
Pterodactyl wings is the server control plane for Pterodactyl Panel. Rated medium severity (CVSS 6.4), this vulnerabilit
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP co
Same technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today