Home > Vulnerability Database > WS-2021-0394

Mend.io Vulnerability Database

WS-2021-0394

Good to know:

Date: October 5, 2021

In pterodactyl/panel before 1.6.2 there is an authentication bypass due to improper user-provided security token verification

Language: PHP

Severity Score

8.1

Related Resources (2)

Url: https://github.com/pterodactyl/panel/commit/4a84c36009be10dbd83051ac1771662c056e4977

Url: https://www.mend.io/vulnerability-database/WS-2021-0394

Severity Score

8.1

Weakness Type (CWE)

Authentication Bypass by Alternate Name

CWE-289

Top Fix

Upgrade Version

Upgrade to version pterodactyl/panel - dev-dane/fiddle-with-new-tables;pterodactyl/panel - dev-feature/sophisticated-permissions;pterodactyl/panel - dev-issue/3535;pterodactyl/panel - dev-actions/tests-patch-1;pterodactyl/panel - dev-dusk;pterodactyl/panel - dev-release/v1.6.2;pterodactyl/panel - dev-dane/type-cleanup;pterodactyl/panel - dev-1.0-develop;pterodactyl/panel - dev-dane/sanctum;pterodactyl/panel - dev-fix/forge;pterodactyl/panel - dev-matthewpi/database-tls;pterodactyl/panel - dev-laravel-8

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2021-0394

Good to know:

Date: October 5, 2021

Language: PHP

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?