pterodactyl/panel Security Advisories for v1.4.1 (6)
-
[MEDIUM] Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled
PKSA-r7r5-9g2g-bhnx CVE-2024-49762 GHSA-c479-wq8g-57hr
Affected version: <1.11.8
Reported by:
GitHub -
[MEDIUM] Pterodactyl panel's admin area vulnerable to Cross-site Scripting
PKSA-w7w4-x3d5-y8hz CVE-2024-34067 GHSA-384w-wffr-x63q
Affected version: <1.11.6
Reported by:
GitHub -
[MEDIUM] Insufficient Session Expiration in Pterodactyl API
PKSA-2ydv-ypnd-xrp7 GHSA-7v3x-h7r2-34jv
Affected version: <1.7.0
Reported by:
GitHub -
[MEDIUM] Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
PKSA-yr2t-b9wk-qw33 CVE-2021-41273 GHSA-wwgq-9jhf-qgw6
Affected version: <1.6.6
Reported by:
GitHub -
[LOW] pterodactyl/panel CSRF allowing an external page to trigger a user logout event
PKSA-z228-fcgp-ds2d CVE-2021-41176 GHSA-m49f-hcxp-6hm6
Affected version: >=1.0.0,<1.6.3
Reported by:
GitHub -
[HIGH] Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
PKSA-56gp-gqk7-m2wf CVE-2021-41129 GHSA-5vfx-8w6m-h3v4
Affected version: >=1.0.0,<1.6.2
Reported by:
GitHub