Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/vulndb: potential Go vuln in github.com/pterodactyl/wings: CVE-2024-34066 #2814

Closed
GoVulnBot opened this issue May 3, 2024 · 2 comments
Assignees
Labels

Comments

@GoVulnBot
Copy link

CVE-2024-34066 references github.com/pterodactyl/wings, which may be a Go module.

Description:
Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue has been addressed in version 1.11.12 and users are advised to upgrade. Users unable to upgrade may enable the ignore_panel_config_updates option as a workaround.

References:

Cross references:

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/pterodactyl/wings
      vulnerable_at: 1.11.12
      packages:
        - package: wings
summary: CVE-2024-34066 in github.com/pterodactyl/wings
cves:
    - CVE-2024-34066
references:
    - advisory: https://github.com/pterodactyl/wings/security/advisories/GHSA-gqmf-jqgv-v8fw
    - fix: https://github.com/pterodactyl/wings/commit/5415f8ae07f533623bd8169836dd7e0b933964de
source:
    id: CVE-2024-34066

@tatianab tatianab self-assigned this May 6, 2024
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/586484 mentions this issue: data/reports: add 73 unreviewed reports

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/590039 mentions this issue: data/reports: add 51 reports

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

3 participants