CVE-2024-34068

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published May 3, 2024

Updated: May 6, 2024

CWE ID 441

CWE ID 284

Summary

CVE-2024-34068 is a vulnerability affecting Pterodactyl wings, the server control plane for Pterodactyl Panel. An authenticated user with game server access can bypass previous access control mechanisms and reach internal endpoints on nodes hosting Wings through the pull endpoint. This issue potentially exposes local network resources to malicious users. Version 1.11.2 addresses this vulnerability, and users are advised to upgrade. As an alternative, users unable to upgrade can enable the `api.disable_remote_download` option to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vr-73m
https://www.cve.org/CVERecord?id=CVE-2024-34068
https://nvd.nist.gov/vuln/detail/CVE-2024-34068

Back to Vulnerability Database

CVE-2024-34068

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations