CVE-2023-32080Execution with Unnecessary Privileges in Wings

CWE-250Execution with Unnecessary Privileges4 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.4%
top 40.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Pterodactyl WingsGithub.com Pterodactyl Wings
Timeline
PublishedMay 10
Latest updateAug 20

Description

Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and versions 1.11.0 prior to 1.11.6 impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings if a user is able to modify an server's install script or the install script executes code supplied by the user (either through environment variables, or commands that execute commands based off of user data). This vulnerab

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5pterodactyl/wings< 1.7.5+1
NVDpterodactyl/wings1.11.01.11.6+1
Gogithub.com/pterodactyl_wings1.11.01.11.6+1

🔴Vulnerability Details

3
OSV
Wings vulnerable to escape to host from installation container in github.com/pterodactyl/wings2024-08-20
OSV
Wings vulnerable to escape to host from installation container2023-05-11
GHSA
Wings vulnerable to escape to host from installation container2023-05-11