CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41129 – Authentication bypass in Pterodactyl
https://notcve.org/view.php?id=CVE-2021-41129
06 Oct 2021 — Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value not associated with the login attempt. In rare cases this can allow a malicious actor to authenticate as a random user in the Panel. The malicious user must target an account with two-factor authentication enabled, and then must provide a correct two-factor authentication to... • https://github.com/pterodactyl/panel/blob/v1.6.2/CHANGELOG.md#v162 • CWE-287: Improper Authentication CWE-502: Deserialization of Untrusted Data CWE-639: Authorization Bypass Through User-Controlled Key CWE-807: Reliance on Untrusted Inputs in a Security Decision •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-32699 – Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
https://notcve.org/view.php?id=CVE-2021-32699
22 Jun 2021 — Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more resources than intended and cause downstream impacts to other clients on the same hardware, eventually causing the physical server to stop responding. Users should upgrade to `1.4.4` to mitigate the issue. There is no non-code based w... • https://github.com/pterodactyl/wings/commit/e0078eee0a71d61573a94c75e6efcad069d78de3 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1020002
https://notcve.org/view.php?id=CVE-2019-1020002
29 Jul 2019 — Pterodactyl before 0.7.14 with 2FA allows credential sniffing. Pterodactyl anterior a versión 0.7.14 con 2FA, permite el rastreo de credenciales. • https://github.com/pterodactyl/panel/security/advisories/GHSA-vcm9-hx3q-qwj8 • CWE-203: Observable Discrepancy •