CVE-2024-34067
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Summary
CVE-2024-34067 is a newly disclosed vulnerability affecting Pterodactyl, an open-source game server management panel. Importing a malicious egg, or gaining unauthorized access to a Wings instance, can trigger cross-site scripting (XSS) attacks on the panel. The vulnerable fields include Docker images and variable fields such as Name, Environment variable, Default value, Description, and Validation rules. Although user interaction is required, this vulnerability can lead to the unauthorized acquisition of administrator accounts on the panel. Version 1.11.6 of Pterodactyl addresses the vulnerability, and users are strongly advised to upgrade, as no workarounds are available.
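The following audit script is an added example, not code from Pterodactyl or from this advisory: it flags markup-like content in the egg fields named above before an egg is reviewed for import. The JSON key names (`docker_images`, `variables`, `env_variable`, `default_value`, `rules`) are assumptions about the egg export layout, and the sample eggs are constructed; it supplements, and does not replace, the upgrade to 1.11.6.

```python
import json
import re

# Advisory field names mapped to egg JSON keys (the key names are an assumption).
VARIABLE_FIELDS = ("name", "env_variable", "default_value", "description", "rules")
# Angle brackets or a javascript: URI in these fields warrant manual review.
MARKUP = re.compile(r"[<>]|javascript:", re.IGNORECASE)


def audit_egg(egg):
    """Return the locations of egg fields that contain markup-like content."""
    findings = []
    images = egg.get("docker_images") or {}
    # Tolerate a label->image mapping or a plain list of image strings.
    pairs = images.items() if isinstance(images, dict) else [(i, i) for i in images]
    for label, image in pairs:
        if MARKUP.search(str(label)) or MARKUP.search(str(image)):
            findings.append(f"docker_images[{label!r}]")
    for idx, var in enumerate(egg.get("variables") or []):
        for field in VARIABLE_FIELDS:
            if MARKUP.search(str(var.get(field) or "")):
                findings.append(f"variables[{idx}].{field}")
    return findings


# Constructed sample eggs, not taken from any real export.
CLEAN_EGG = {
    "docker_images": {"Java 17": "registry.example/yolks:java_17"},
    "variables": [{"name": "Server Jar", "env_variable": "SERVER_JARFILE",
                   "default_value": "server.jar", "description": "Jar to run",
                   "rules": "required|string|max:20"}],
}
SUSPECT_EGG = {
    "docker_images": {"<i>Java 17</i>": "registry.example/yolks:java_17"},
    "variables": [{"name": "Server Jar", "env_variable": "SERVER_JARFILE",
                   "default_value": "server.jar",
                   "description": "<b>Jar to run</b>",
                   "rules": "required|string|max:20"}],
}

if __name__ == "__main__":
    import sys
    # Usage: python audit_egg.py egg-one.json egg-two.json
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            print(path, audit_egg(json.load(fh)))
```

A finding is a prompt for manual review rather than proof of malice, since a validation rule containing a regular expression may legitimately include angle brackets.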