Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary File Write/Read in Pterodactyl wings
Vulnerability Description
Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue has been addressed in version 1.11.12 and users are advised to upgrade. Users unable to upgrade may enable the `ignore_panel_config_updates` option as a workaround.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
对外部实体的文件或目录可访问
Vulnerability Title
Wings 安全漏洞
Vulnerability Description
Wings是Pterodactyl Panel 的服务器控制界面。 Wings 1.11.12 之前版本存在安全漏洞,该漏洞源于Wings 令牌可以通过查看节点配置意外泄露,允许攻击者使用它来获得与令牌关联的节点上的任意文件写入和读取访问权限。
CVSS Information
N/A
Vulnerability Type
N/A