x/vulndb: potential Go vuln in github.com/pterodactyl/wings: CVE-2024-34066 #2814

GoVulnBot · 2024-05-03T19:01:30Z

CVE-2024-34066 references github.com/pterodactyl/wings, which may be a Go module.

Description:
Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated to. This issue has been addressed in version 1.11.12 and users are advised to upgrade. Users unable to upgrade may enable the ignore_panel_config_updates option as a workaround.

References:

NIST: https://nvd.nist.gov/vuln/detail/CVE-2024-34066
JSON: https://github.com/CVEProject/cvelist/tree/9dd19dd18cc63cca2d2b5574c051c436a40e6d98/2024/34xxx/CVE-2024-34066.json
advisory: GHSA-gqmf-jqgv-v8fw
fix: pterodactyl/wings@5415f8a
Imported by: https://pkg.go.dev/github.com/pterodactyl/wings?tab=importedby

Cross references:

Module github.com/pterodactyl/wings appears in issue x/vulndb: potential Go vuln in github.com/pterodactyl/wings: GHSA-6rg3-8h8x-5xfv #389 EFFECTIVELY_PRIVATE
Module github.com/pterodactyl/wings appears in issue x/vulndb: potential Go vuln in github.com/pterodactyl/wings: CVE-2021-32699, GHSA-jj6m-r8jc-2gp7 #919 NOT_IMPORTABLE
Module github.com/pterodactyl/wings appears in issue x/vulndb: potential Go vuln in github.com/pterodactyl/wings: GHSA-p8r3-83r8-jwj5 #1542 EFFECTIVELY_PRIVATE
Module github.com/pterodactyl/wings appears in issue x/vulndb: potential Go vuln in github.com/pterodactyl/wings: CVE-2023-25168 #1555 EFFECTIVELY_PRIVATE
Module github.com/pterodactyl/wings appears in issue x/vulndb: potential Go vuln in github.com/pterodactyl/wings: CVE-2023-32080 #1768 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/pterodactyl/wings
      vulnerable_at: 1.11.12
      packages:
        - package: wings
summary: CVE-2024-34066 in github.com/pterodactyl/wings
cves:
    - CVE-2024-34066
references:
    - advisory: https://github.com/pterodactyl/wings/security/advisories/GHSA-gqmf-jqgv-v8fw
    - fix: https://github.com/pterodactyl/wings/commit/5415f8ae07f533623bd8169836dd7e0b933964de
source:
    id: CVE-2024-34066

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-05-17T20:42:48Z

Change https://go.dev/cl/586484 mentions this issue: data/reports: add 73 unreviewed reports

tatianab self-assigned this May 6, 2024

tatianab added the triaged label May 23, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/pterodactyl/wings: CVE-2024-34066 #2814

x/vulndb: potential Go vuln in github.com/pterodactyl/wings: CVE-2024-34066 #2814

GoVulnBot commented May 3, 2024

gopherbot commented May 17, 2024

x/vulndb: potential Go vuln in github.com/pterodactyl/wings: CVE-2024-34066 #2814

x/vulndb: potential Go vuln in github.com/pterodactyl/wings: CVE-2024-34066 #2814

Comments

GoVulnBot commented May 3, 2024

gopherbot commented May 17, 2024