CVE-2024-34068 - Vulnerability Details - OpenCVE

Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible. This issue has been addressed in version 1.11.2 and users are advised to upgrade. Users unable to upgrade may enable the `api.disable_remote_download` option as a workaround.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pterodactyl	Wings

Configuration 1 [-]

cpe:2.3:a:pterodactyl:wings:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8
https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv
https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv

History

Fri, 21 Feb 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Pterodactyl Pterodactyl wings
Weaknesses		CWE-918
CPEs		cpe:2.3:a:pterodactyl:wings::::::::
Vendors & Products		Pterodactyl Pterodactyl wings

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-05-03T17:34:16.318Z

Updated: 2024-08-02T02:42:59.896Z

Reserved: 2024-04-30T06:56:33.381Z

Link: CVE-2024-34068

Vulnrichment

Updated: 2024-08-02T02:42:59.896Z

NVD

Status : Analyzed

Published: 2024-05-03T18:15:09.773

Modified: 2025-02-21T15:19:39.417

Link: CVE-2024-34068

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34068", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-04-30T06:56:33.381Z", "datePublished": "2024-05-03T17:34:16.318Z", "dateUpdated": "2024-08-02T02:42:59.896Z"}, "containers": {"cna": {"title": "Server-side Request Forgery during remote file pull in Pterodactyl wings", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-441", "lang": "en", "description": "CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv"}, {"name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv", "tags": ["x_refsource_MISC"], "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv"}, {"name": "https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8", "tags": ["x_refsource_MISC"], "url": "https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8"}], "affected": [{"vendor": "pterodactyl", "product": "wings", "versions": [{"version": "< 1.11.12", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-03T17:34:16.318Z"}, "descriptions": [{"lang": "en", "value": "Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible. This issue has been addressed in version 1.11.2 and users are advised to upgrade. Users unable to upgrade may enable the `api.disable_remote_download` option as a workaround. "}], "source": {"advisory": "GHSA-qq22-jj8x-4wwv", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34068", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-03T20:28:51.313918Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:pterodactyl:wings:-:*:*:*:*:*:*:*"], "vendor": "pterodactyl", "product": "wings", "versions": [{"status": "affected", "version": "-", "lessThan": "1.11.12", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:41:09.166Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:42:59.896Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv"}, {"name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv"}, {"name": "https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv", "name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv", "name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8", "name": "https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:42:59.896Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34068", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-03T20:28:51.313918Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:pterodactyl:wings:-:*:*:*:*:*:*:*"], "vendor": "pterodactyl", "product": "wings", "versions": [{"status": "affected", "version": "-", "lessThan": "1.11.12", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-03T20:29:17.000Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Server-side Request Forgery during remote file pull in Pterodactyl wings", "source": {"advisory": "GHSA-qq22-jj8x-4wwv", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "pterodactyl", "product": "wings", "versions": [{"status": "affected", "version": "< 1.11.12"}]}], "references": [{"url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv", "name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv", "name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8", "name": "https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible. This issue has been addressed in version 1.11.2 and users are advised to upgrade. Users unable to upgrade may enable the `api.disable_remote_download` option as a workaround. "}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-441", "description": "CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-03T17:34:16.318Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34068", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:42:59.896Z", "dateReserved": "2024-04-30T06:56:33.381Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-05-03T17:34:16.318Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pterodactyl:wings:*:*:*:*:*:*:*:*", "matchCriteriaId": "D05B5FFA-55EC-4269-A3D5-475EFBE44CF3", "versionEndExcluding": "1.11.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible. This issue has been addressed in version 1.11.2 and users are advised to upgrade. Users unable to upgrade may enable the `api.disable_remote_download` option as a workaround. "}, {"lang": "es", "value": "Pterodactyl Wings es el plano de control del servidor para Pterodactyl Panel. Un usuario autenticado que tiene acceso a un servidor de juegos puede eludir el control de acceso implementado previamente (GHSA-6rg3-8h8x-5xfv) que impide el acceso a los endpoints internos del nodo que aloja Wings en el endpoint de extracci\u00f3n. Esto permitir\u00eda a usuarios malintencionados acceder potencialmente a recursos en redes locales que de otro modo ser\u00edan inaccesibles. Este problema se solucion\u00f3 en la versi\u00f3n 1.11.2 y se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar pueden habilitar la opci\u00f3n `api.disable_remote_download` como workaround."}], "id": "CVE-2024-34068", "lastModified": "2025-02-21T15:19:39.417", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-03T18:15:09.773", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8"}, {"source": "security-advisories@github.com", "tags": ["Related"], "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/pterodactyl/wings/commit/c152e36101aba45d8868a9a0eeb890995e8934b8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Related"], "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Patch", "Vendor Advisory"], "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-qq22-jj8x-4wwv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-441"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}