CVE-2019-1020002 — Observable Discrepancy in Panel

CWE-203 — Observable Discrepancy3 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 39.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

2

Pterodactyl Panel Pterodactyl Panel

Timeline

PublishedJul 29

Latest updateMay 24

Description

Pterodactyl before 0.7.14 with 2FA allows credential sniffing.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDpterodactyl/panel< 0.7.14

▶Packagistpterodactyl/panel< 0.7.14

▶CVEListV5pterodactyl/pterodactyl_panel< 0.7.14

🔴Vulnerability Details

2

GHSA

Pterodactyl vulnerable to 2FA Sniffing↗2022-05-24

▶

OSV

Pterodactyl vulnerable to 2FA Sniffing↗2022-05-24

▶