CVE-2024-27102

Improper isolation of server file access in github.com/pterodactyl/wings

Severity Score

9.9

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside of a server's base directory (sandbox root) is possible. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by Wings. Details on the exploitation of this vulnerability are embargoed until March 27th, 2024 at 18:00 UTC. In order to mitigate this vulnerability, a full rewrite of the entire server filesystem was necessary. Because of this, the size of the patch is massive, however effort was made to reduce the amount of breaking changes. Users are advised to update to version 1.11.9. There are no known workarounds for this vulnerability.

Wings es el plano de control del servidor de Pterodactyl Panel. Esta vulnerabilidad afecta a cualquiera que ejecute las versiones afectadas de Wings. La vulnerabilidad puede usarse potencialmente para acceder a archivos y directorios en el sistema host. Se desconoce exactamente el alcance total del impacto, pero es posible leer archivos fuera del directorio base de un servidor (raíz de la zona de pruebas). Para utilizar este exploit, un atacante debe tener un "servidor" existente asignado y controlado por Wings. Los detalles sobre la explotación de esta vulnerabilidad están embargados hasta el 27 de marzo de 2024 a las 18:00 UTC. Para mitigar esta vulnerabilidad, fue necesaria una reescritura completa de todo el sistema de archivos del servidor. Debido a esto, el tamaño del parche es enorme, sin embargo, se hizo un esfuerzo para reducir la cantidad de cambios importantes. Se recomienda a los usuarios que actualicen a la versión 1.11.9. No se conocen workarounds para esta vulnerabilidad.

*Credits: N/A

CVSS Scores

GitHubv3.1 9.9

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

Poc

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-02-19 CVE Reserved
2024-03-13 CVE Published
2024-03-14 EPSS Updated
2024-08-02 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-363: Race Condition Enabling Link Following

CAPEC

References (2)

URL	Tag	Source
https://github.com/pterodactyl/wings/commit/d1c0ca526007113a0f74f56eba99511b4e989287	X_refsource_misc
https://github.com/pterodactyl/wings/security/advisories/GHSA-494h-9924-xww9	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Pterodactyl Search vendor "Pterodactyl"		Wings Search vendor "Pterodactyl" for product "Wings"				< 1.11.9 Search vendor "Pterodactyl" for product "Wings" and version " < 1.11.9"		en		Affected