Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
Vulnerability Description
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment token. At no point would any data be exposed to the malicious user, this would simply trigger email spam to an administrative user, or generate a single auto-deployment token unexpectedly. This token is not revealed to the malicious user, it is simply created unexpectedly in the system. This has been addressed in release `1.6.6`. Users may optionally manually apply the fixes released in v1.6.6 to patch their own systems.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
Pterodactyl 跨站请求伪造漏洞
Vulnerability Description
Pterodactyl是一款使用PHP、Nodejs和Go构建的开源游戏服务器管理面板。 Pterodactyl 中存在跨站请求伪造漏洞,该漏洞源于产品的路由配置缺少恰当的CSRF保护。攻击者可通过该漏洞发送测试文件以及生成节点自动部署的令牌。
CVSS Information
N/A
Vulnerability Type
N/A