Home > Vulnerability Database > CVE-2024-34066

Mend.io Vulnerability Database

CVE-2024-34066

Good to know:

Date: May 3, 2024

Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue has been addressed in version 1.11.12 and users are advised to upgrade. Users unable to upgrade may enable the "ignore_panel_config_updates" option as a workaround.

Language: Go

Severity Score

8.4

Related Resources (5)

Url: https://github.com/pterodactyl/wings

Url: https://github.com/pterodactyl/wings/commit/5415f8ae07f533623bd8169836dd7e0b933964de

Url: https://github.com/pterodactyl/wings/security/advisories/GHSA-gqmf-jqgv-v8fw

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-34066

Url: https://www.mend.io/vulnerability-database/CVE-2024-34066

Severity Score

8.4

Weakness Type (CWE)

Files or Directories Accessible to External Parties

CWE-552

Top Fix

Upgrade Version

Upgrade to version github.com/pterodactyl/wings - v1.11.12

Learn More

CVSS v3.1

Base Score:	8.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-34066

Good to know:

Date: May 3, 2024

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?