
We found results for “”
CVE-2021-41176
Good to know:

Date: October 25, 2021
Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted attack against a specific Panel instance, and serves only to sign a user out. **No user details are leaked, nor is any user data affected, this is simply an annoyance at worst.** This is fixed in version 1.6.3.
Language: PHP
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Cross-Site Request Forgery (CSRF)
CWE-352Top Fix

Upgrade Version
Upgrade to version pterodactyl/panel - dev-release/v1.6.3;pterodactyl/panel - dev-dane/fiddle-with-new-tables;pterodactyl/panel - dev-1.0-develop;pterodactyl/panel - dev-actions/tests-patch-1;pterodactyl/panel - dev-dusk;pterodactyl/panel - dev-dane/laravel-9;pterodactyl/panel - dev-feature/sophisticated-permissions;pterodactyl/panel - dev-dane/sanctum;pterodactyl/panel - dev-feature/react-admin;pterodactyl/panel - dev-matthewpi/database-tls;pterodactyl/panel - dev-dane/type-cleanup;pterodactyl/panel - dev-fix/forge
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | NONE |
Integrity (I): | LOW |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | NONE |
Confidentiality (C): | NONE |
Integrity (I): | PARTIAL |
Availability (A): | NONE |
Additional information: |