Unknown · Pterodactyl · CVE-2021-41176
**Name of the Vulnerable Software and Affected Versions**
Pterodactyl versions prior to 1.6.3
**Description**
A malicious user can trigger a user logout if a signed-in user visits a malicious website that makes a request to the Panel's sign-out endpoint, such as "/api/v1/auth/logout". This requires a targeted attack against a specific Panel instance, and serves only to sign a user out. No user details are leaked, nor is any user data affected; this is simply an annoyance at worst.
**Recommendations**
For versions prior to 1.6.3, update to version 1.6.3 to resolve the issue. As a temporary workaround, consider restricting access to the sign-out endpoint until a patch is available.
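
One way to implement the temporary workaround of restricting the sign-out endpoint, as an added example that is not Pterodactyl's code or its 1.6.3 fix: a framework-agnostic check that a proxy hook or middleware could apply to sign-out requests, allowing only those the browser attributes to the Panel's own origin. The function names, `panel.example.com`, and the sample headers are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin_of(url):
    """Return (scheme, host, port) for an http(s) URL, else None."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port                      # raises ValueError on a bad port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None                            # covers "null" and opaque origins
    return (scheme, parts.hostname, port if port is not None else DEFAULT_PORTS[scheme])

def allow_signout(headers, panel_origin):
    """True only if the browser attributes the request to the Panel itself."""
    expected = origin_of(panel_origin)
    if expected is None:
        raise ValueError("panel_origin must be an http(s) origin")
    h = {k.lower(): v for k, v in headers.items()}
    # 1. Fetch Metadata covers every request type, including <img> loads and
    #    navigations. "none" means the user typed the URL or used a bookmark.
    site = h.get("sec-fetch-site")
    if site is not None:
        return site.strip().lower() in ("same-origin", "none")
    # 2. Older clients: compare the full origin. Prefix or substring matching
    #    would accept look-alike hosts such as panel.example.com.other.example.
    for name in ("origin", "referer"):
        if name in h:
            return origin_of(h[name]) == expected
    # 3. Nothing to attribute the request to: fail closed.
    return False

PANEL = "https://panel.example.com"            # hypothetical Panel origin
SAMPLES = {                                    # constructed request headers
    "panel_button": {"Sec-Fetch-Site": "same-origin", "Origin": PANEL},
    "cross_site_page": {"Sec-Fetch-Site": "cross-site",
                        "Referer": "https://other.example/page"},
    "referer_only": {"Referer": PANEL + ":443/server/1a2b"},
    "lookalike_origin": {"Origin": "https://panel.example.com.other.example"},
    "null_origin": {"Origin": "null"},
    "no_headers": {},
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(f"{label:17} allow={allow_signout(hdrs, PANEL)}")
```

Requests marked `same-site` (for example from a sibling subdomain) are rejected by this check; whether to trust them depends on what else is hosted under the Panel's parent domain.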