Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
logout CSRF in Pterodactyl Panel
Vulnerability Description
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted attack against a specific Panel instance, and serves only to sign a user out. **No user details are leaked, nor is any user data affected, this is simply an annoyance at worst.** This is fixed in version 1.6.3.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Pterodactyl 跨站请求伪造漏洞
Vulnerability Description
Pterodactyl是一款使用PHP、Nodejs和Go构建的开源游戏服务器管理面板。 Pterodactyl 1.6.3之前版本存在跨站请求伪造漏洞,该漏洞源于当登录用户访问向面板的注销端点发出请求的恶意网站,则恶意用户可以触发用户注销。
CVSS Information
N/A
Vulnerability Type
N/A