What is CVE-2021-41129?

CVE-2021-41129 is a high-severity vulnerability in Pterodactyl Panel, classified under Deserialization of Untrusted Data. CVSS score: 8.1/10. Published 2021-10-06.

How severe is CVE-2021-41129?

High severity. CVSS v3 base score is 8.1 out of 10.

Auth bypass in Pterodactyl Panel

CVE-2021-41129

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token` input during the two-factor authentication process to reference a cache value no…

Vulnerability class: Insecure Deserialization

EPSS: 0.003 (49.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Pterodactyl Panel — versions >= 1.0.0, < 1.6.2

Weakness classification (CWE)

References

github.com/pterodactyl/panel/security/advisories/GHSA-5vfx-8w6m-h3v4 (x_refsource_CONFIRM)
github.com/pterodactyl/panel/commit/4a84c36009be10dbd83051ac1771662c056e4977 (x_refsource_MISC)
github.com/pterodactyl/panel/blob/v1.6.2/CHANGELOG.md (x_refsource_MISC)
github.com/pterodactyl/panel/releases/tag/v1.6.2 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-41129?: CVE-2021-41129 is a high-severity vulnerability in Pterodactyl Panel, classified under Deserialization of Untrusted Data. CVSS score: 8.1/10. Published 2021-10-06.
How severe is CVE-2021-41129?: High severity. CVSS v3 base score is 8.1 out of 10.