Vulnerability-Lookup

GHSA-6RG3-8H8X-5XFV

Vulnerability from github – Published: 2021-06-23 18:04 – Updated: 2021-10-05 17:24

Summary

Unchecked hostname resolution could allow access to local network resources by users outside the local network

Details

Impact

A newly implemented route allowing users to download files from remote endpoints was not properly verifying the destination hostname for user provided URLs. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible.

This vulnerability requires valid authentication credentials and is therefore not exploitable by unauthenticated users. If you are running an instance for yourself or other trusted individuals this impact is unlikely to be of major concern to you. However, you should still upgrade for security sake.

Patches

Users should upgrade to the latest version of Wings.

Workarounds

There is no workaround available that does not involve modifying Panel or Wings code.

Severity ?

6.4 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard Create KEV Entry

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/pterodactyl/wings"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.2.0"
            },
            {
              "fixed": "1.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.2.0"
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-441"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-23T18:04:30Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\nA newly implemented route allowing users to download files from remote endpoints was not properly verifying the destination hostname for user provided URLs. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible.\n\nThis vulnerability requires valid authentication credentials and is therefore **not exploitable by unauthenticated users**. If you are running an instance for yourself or other trusted individuals this impact is unlikely to be of major concern to you. However, you should still upgrade for security sake.\n\n### Patches\nUsers should upgrade to the latest version of Wings.\n\n### Workarounds\nThere is no workaround available that does not involve modifying Panel or Wings code.\n",
  "id": "GHSA-6rg3-8h8x-5xfv",
  "modified": "2021-10-05T17:24:11Z",
  "published": "2021-06-23T18:04:50Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-6rg3-8h8x-5xfv"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/pterodactyl/wings"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Unchecked hostname resolution could allow access to local network resources by users outside the local network"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted