CVE-2021-41176

Date: October 25, 2021

Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl, a malicious user can trigger a user logout if a signed-in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted attack against a specific Panel instance and serves only to sign a user out. **No user details are leaked, nor is any user data affected; this is simply an annoyance at worst.** This is fixed in version 1.6.3.

Language: PHP

Severity Score

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

Top Fix

Upgrade Version

Upgrade to version:
pterodactyl/panel - dev-release/v1.6.3
pterodactyl/panel - dev-dane/fiddle-with-new-tables
pterodactyl/panel - dev-1.0-develop
pterodactyl/panel - dev-actions/tests-patch-1
pterodactyl/panel - dev-dusk
pterodactyl/panel - dev-dane/laravel-9
pterodactyl/panel - dev-feature/sophisticated-permissions
pterodactyl/panel - dev-dane/sanctum
pterodactyl/panel - dev-feature/react-admin
pterodactyl/panel - dev-matthewpi/database-tls
pterodactyl/panel - dev-dane/type-cleanup
pterodactyl/panel - dev-fix/forge

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE