Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Server-side Request Forgery during remote file pull in Pterodactyl wings
Vulnerability Description
Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible. This issue has been addressed in version 1.11.2 and users are advised to upgrade. Users unable to upgrade may enable the `api.disable_remote_download` option as a workaround.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Wings 安全漏洞
Vulnerability Description
Wings是Pterodactyl Panel 的服务器控制界面。 Wings 1.11.12 之前版本存在安全漏洞,该漏洞源于有权访问游戏服务器的用户能够绕过之前实施的访问控制,允许攻击者访问本地网络上原本无法访问的资源。
CVSS Information
N/A
Vulnerability Type
N/A