Vulnerability in Pterodactyl Wings
CVE-2024-34066
Pterodactyl Wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked, either by viewing the node configuration or by posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read a…
EPSS: 0.003 (56.9th percentile)
CVSS v3 metric
CVSS v3 base score 8.5 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H.
Affected products
- Pterodactyl Wings — versions < 1.11.12
Weakness classification (CWE)
- Files or Directories Accessible to External Parties
References
- https://github.com/pterodactyl/wings/security/advisories/GHSA-gqmf-jqgv-v8fw (x_refsource_CONFIRM)
- https://github.com/pterodactyl/wings/commit/5415f8ae07f533623bd8169836dd7e0b933964de (x_refsource_MISC)
Frequently asked questions
- What is CVE-2024-34066?
- CVE-2024-34066 is a high-severity vulnerability in Pterodactyl Wings, classified under Files or Directories Accessible to External Parties. CVSS score: 8.5/10. Published 2024-05-03.
- How severe is CVE-2024-34066?
- High severity. CVSS v3 base score is 8.5 out of 10.