CVE-2024-34068 (GCVE-0-2024-34068)

Vulnerability from cvelistv5 – Published: 2024-05-03 17:34 – Updated: 2024-08-02 02:42
VLAI?
Summary
Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible. This issue has been addressed in version 1.11.2 and users are advised to upgrade. Users unable to upgrade may enable the `api.disable_remote_download` option as a workaround.
Severity ?
6.4 (Medium)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CWE
  • CWE-284 - Improper Access Control
  • CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')
Assigner
References
Impacted products
Vendor Product Version
pterodactyl wings Affected: < 1.11.12
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:pterodactyl:wings:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "wings",
            "vendor": "pterodactyl",
            "versions": [
              {
                "lessThan": "1.11.12",
                "status": "affected",
                "version": "-",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34068",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-03T20:28:51.313918Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:41:09.166Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:42:59.896Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv"
          },
          {
            "name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv"
          },
          {
            "name": "https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "wings",
          "vendor": "pterodactyl",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.11.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible. This issue has been addressed in version 1.11.2 and users are advised to upgrade. Users unable to upgrade may enable the `api.disable_remote_download` option as a workaround. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-441",
              "description": "CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-03T17:34:16.318Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv"
        },
        {
          "name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv"
        },
        {
          "name": "https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8"
        }
      ],
      "source": {
        "advisory": "GHSA-qq22-jj8x-4wwv",
        "discovery": "UNKNOWN"
      },
      "title": "Server-side Request Forgery during remote file pull in Pterodactyl wings"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-34068",
    "datePublished": "2024-05-03T17:34:16.318Z",
    "dateReserved": "2024-04-30T06:56:33.381Z",
    "dateUpdated": "2024-08-02T02:42:59.896Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible. This issue has been addressed in version 1.11.2 and users are advised to upgrade. Users unable to upgrade may enable the `api.disable_remote_download` option as a workaround. \"}, {\"lang\": \"es\", \"value\": \"Pterodactyl Wings es el plano de control del servidor para Pterodactyl Panel. Un usuario autenticado que tiene acceso a un servidor de juegos puede eludir el control de acceso implementado previamente (GHSA-6rg3-8h8x-5xfv) que impide el acceso a los endpoints internos del nodo que aloja Wings en el endpoint de extracci\\u00f3n. Esto permitir\\u00eda a usuarios malintencionados acceder potencialmente a recursos en redes locales que de otro modo ser\\u00edan inaccesibles. Este problema se solucion\\u00f3 en la versi\\u00f3n 1.11.2 y se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden habilitar la opci\\u00f3n `api.disable_remote_download` como workaround.\"}]",
      "id": "CVE-2024-34068",
      "lastModified": "2024-11-21T09:18:01.393",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\", \"baseScore\": 6.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.1, \"impactScore\": 2.7}]}",
      "published": "2024-05-03T18:15:09.773",
      "references": "[{\"url\": \"https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Awaiting Analysis",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-284\"}, {\"lang\": \"en\", \"value\": \"CWE-441\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-34068\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-05-03T18:15:09.773\",\"lastModified\":\"2025-02-21T15:19:39.417\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible. This issue has been addressed in version 1.11.2 and users are advised to upgrade. Users unable to upgrade may enable the `api.disable_remote_download` option as a workaround. \"},{\"lang\":\"es\",\"value\":\"Pterodactyl Wings es el plano de control del servidor para Pterodactyl Panel. Un usuario autenticado que tiene acceso a un servidor de juegos puede eludir el control de acceso implementado previamente (GHSA-6rg3-8h8x-5xfv) que impide el acceso a los endpoints internos del nodo que aloja Wings en el endpoint de extracci\u00f3n. Esto permitir\u00eda a usuarios malintencionados acceder potencialmente a recursos en redes locales que de otro modo ser\u00edan inaccesibles. Este problema se solucion\u00f3 en la versi\u00f3n 1.11.2 y se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden habilitar la opci\u00f3n `api.disable_remote_download` como workaround.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":2.7},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.1,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"},{\"lang\":\"en\",\"value\":\"CWE-441\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:pterodactyl:wings:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.11.2\",\"matchCriteriaId\":\"D05B5FFA-55EC-4269-A3D5-475EFBE44CF3\"}]}]}],\"references\":[{\"url\":\"https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Related\"]},{\"url\":\"https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Related\"]},{\"url\":\"https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv\", \"name\": \"https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv\", \"name\": \"https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8\", \"name\": \"https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T02:42:59.896Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-34068\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-03T20:28:51.313918Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:pterodactyl:wings:-:*:*:*:*:*:*:*\"], \"vendor\": \"pterodactyl\", \"product\": \"wings\", \"versions\": [{\"status\": \"affected\", \"version\": \"-\", \"lessThan\": \"1.11.12\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-03T20:29:17.000Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Server-side Request Forgery during remote file pull in Pterodactyl wings\", \"source\": {\"advisory\": \"GHSA-qq22-jj8x-4wwv\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"pterodactyl\", \"product\": \"wings\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 1.11.12\"}]}], \"references\": [{\"url\": \"https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv\", \"name\": \"https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv\", \"name\": \"https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8\", \"name\": \"https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible. This issue has been addressed in version 1.11.2 and users are advised to upgrade. Users unable to upgrade may enable the `api.disable_remote_download` option as a workaround. \"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284: Improper Access Control\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-441\", \"description\": \"CWE-441: Unintended Proxy or Intermediary (\u0027Confused Deputy\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-05-03T17:34:16.318Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-34068\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T02:42:59.896Z\", \"dateReserved\": \"2024-04-30T06:56:33.381Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-05-03T17:34:16.318Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.