CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34067 – Multiple cross site scripting (XSS) vulnerabilities in the admin area of Pterodactyl panel
https://notcve.org/view.php?id=CVE-2024-34067
Pterodactyl is a free, open-source game server management panel built with PHP, React, and Go. Importing a malicious egg or gaining access to wings instance could lead to cross site scripting (XSS) on the panel, which could be used to gain an administrator account on the panel. Specifically, the following things are impacted: Egg Docker images and Egg variables: Name, Environment variable, Default value, Description, Validation rules. Additionally, certain fields would reflect malicious input, but it would require the user knowingly entering such input to have an impact. To iterate, this would require an administrator to perform actions and can't be triggered by a normal panel user. • https://github.com/pterodactyl/panel/commit/0dad4c5a488661f9adc27dd311542516d9bfa0f2 https://github.com/pterodactyl/panel/commit/1172d71d31561c4e465dabdf6b838e64de48ad16 https://github.com/pterodactyl/panel/commit/f671046947e4695b5e1c647df79305c1cefdf817 https://github.com/pterodactyl/panel/security/advisories/GHSA-384w-wffr-x63q • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41273 – Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
https://notcve.org/view.php?id=CVE-2021-41273
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a malicious user could execute a CSRF-based attack against the following endpoints: Sending a test email and Generating a node auto-deployment token. At no point would any data be exposed to the malicious user, this would simply trigger email spam to an administrative user, or generate a single auto-deployment token unexpectedly. This token is not revealed to the malicious user, it is simply created unexpectedly in the system. This has been addressed in release `1.6.6`. • https://github.com/pterodactyl/panel/commit/bf9cbe2c6d5266c6914223e067c56175de7fc3a5 https://github.com/pterodactyl/panel/security/advisories/GHSA-wwgq-9jhf-qgw6 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41176 – logout CSRF in Pterodactyl Panel
https://notcve.org/view.php?id=CVE-2021-41176
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted attack against a specific Panel instance, and serves only to sign a user out. **No user details are leaked, nor is any user data affected, this is simply an annoyance at worst.** This is fixed in version 1.6.3. Pterodactyl es un panel de administración de servidores de juegos de código abierto construido con PHP 7, React y Go. • https://github.com/pterodactyl/panel/commit/45999ba4ee1b2dcb12b4a2fa2cedfb6b5d66fac2 https://github.com/pterodactyl/panel/releases/tag/v1.6.3 https://github.com/pterodactyl/panel/security/advisories/GHSA-m49f-hcxp-6hm6 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41129 – Authentication bypass in Pterodactyl
https://notcve.org/view.php?id=CVE-2021-41129
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user must target an account with two-factor authentication enabled, and then must provide a correct two-factor authentication token before being authenticated as that user. Due to a validation flaw in the logic handling user authentication during the two-factor authentication process a malicious user can trick the system into loading credentials for an arbitrary user by modifying the token sent to the server. • https://github.com/pterodactyl/panel/blob/v1.6.2/CHANGELOG.md#v162 https://github.com/pterodactyl/panel/commit/4a84c36009be10dbd83051ac1771662c056e4977 https://github.com/pterodactyl/panel/releases/tag/v1.6.2 https://github.com/pterodactyl/panel/security/advisories/GHSA-5vfx-8w6m-h3v4 • CWE-287: Improper Authentication CWE-502: Deserialization of Untrusted Data CWE-639: Authorization Bypass Through User-Controlled Key CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-26255 – PHP Phar archives could be uploaded and executed in Kirby
https://notcve.org/view.php?id=CVE-2020-26255
Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and Kirby Panel before version 2.5.14 , an editor with full access to the Kirby Panel can upload a PHP .phar file and execute it on the server. This vulnerability is critical if you might have potential attackers in your group of authenticated Panel users, as they can gain access to the server with such a Phar file. Visitors without Panel access *cannot* use this attack vector. The problem has been patched in Kirby 2.5.14 and Kirby 3.4.5. • https://github.com/getkirby-v2/panel/commit/5a569d4e3ddaea2b6628d7ec1472a3e8bc410881 https://github.com/getkirby/kirby/commit/db8f371b13036861c9cc5ba3e85e27f73fce5e09 https://github.com/getkirby/kirby/releases/tag/3.4.5 https://github.com/getkirby/kirby/security/advisories/GHSA-g3h8-cg9x-47qw https://packagist.org/packages/getkirby/cms https://packagist.org/packages/getkirby/panel • CWE-434: Unrestricted Upload of File with Dangerous Type •