PT-2021-23151 · Unknown · Pterodactyl

Hdvinnie

·

Published

2021-10-25

·

Updated

2021-10-28

·

CVE-2021-41176

CVSS v2.0

4.3

Medium

Vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Pterodactyl versions prior to 1.6.3
Description: A malicious user can trigger a user logout if a signed-in user visits a malicious website that makes a request to the Panel's sign-out endpoint, such as "/api/v1/auth/logout". This requires a targeted attack against a specific Panel instance and serves only to sign a user out. No user details are leaked, nor is any user data affected; this is simply an annoyance at worst.
Recommendations: For versions prior to 1.6.3, update to version 1.6.3 to resolve the issue. As a temporary workaround, consider restricting access to the sign-out endpoint until a patch is available.
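The weakness above is a classic cross-site request forgery: the browser attaches the Panel's session cookie to a request that another origin initiated, so the sign-out endpoint cannot tell a legitimate click from a forged one. The following is an added illustration, not Pterodactyl's code and not its actual 1.6.3 fix; it shows the standard defence for a state-changing endpoint: require POST, check the Origin header (Referer as fallback) against the deployment's own origin, and validate a per-session synchronizer token. The request and session classes, the `PANEL_ORIGIN` value and the `_token` field name are assumptions made for the example.

```python
# Added example (not Pterodactyl's code): CSRF guard for a sign-out endpoint.
# Request/Session are a hypothetical minimal model of what a web framework exposes.
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

PANEL_ORIGIN = "https://panel.example.test"  # assumed deployment origin


@dataclass
class Request:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


@dataclass
class Session:
    user_id: int
    # Synchronizer token: generated once per session and embedded in the
    # panel's own forms; a third-party origin can never read it.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))
    logged_in: bool = True


def origin_allowed(headers: dict) -> bool:
    """Accept only requests whose Origin (or Referer as fallback) is the panel itself.
    Browsers send Origin on cross-site POSTs, so a request with neither header
    is treated as untrusted rather than waved through."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == PANEL_ORIGIN


def handle_logout(req: Request, session: Session) -> tuple:
    """Return (status, message). Only a same-origin POST carrying the session's
    CSRF token may end the session; a cross-site GET or bare POST cannot."""
    if req.method != "POST":
        return 405, "sign-out requires POST"
    if not origin_allowed(req.headers):
        return 403, "cross-origin request rejected"
    submitted = req.form.get("_token", "")
    # Constant-time comparison so the token cannot be recovered via timing.
    if not hmac.compare_digest(submitted.encode(), session.csrf_token.encode()):
        return 403, "missing or invalid CSRF token"
    session.logged_in = False
    return 200, "signed out"


def demo() -> dict:
    """Constructed requests: the forged cases from the advisory and a legitimate sign-out."""
    sess = Session(user_id=42)
    # 1. A third-party page references the endpoint via a plain GET (image, iframe, redirect).
    r1 = handle_logout(Request("GET", "/api/v1/auth/logout",
                               {"Origin": "https://evil.example.test"}), sess)
    # 2. A third-party page auto-submits a POST form: the cookie rides along,
    #    but Origin is the other site and the token is unknown to it.
    r2 = handle_logout(Request("POST", "/api/v1/auth/logout",
                               {"Origin": "https://evil.example.test"}), sess)
    # 3. The panel's own sign-out form: same origin plus the session token.
    r3 = handle_logout(Request("POST", "/api/v1/auth/logout",
                               {"Origin": PANEL_ORIGIN}, {"_token": sess.csrf_token}), sess)
    return {"get": r1, "cross_site_post": r2, "legit": r3, "still_logged_in": sess.logged_in}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The Origin check alone stops the forged requests a browser can produce, and the token check covers clients or proxies that strip the header; setting the session cookie with `SameSite=Lax` or `Strict` adds a third, independent layer. Restricting the endpoint by network, as the advisory's interim workaround suggests, limits who can reach it but does not by itself distinguish a forged request from a real one.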

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2021-41176
GHSA-M49F-HCXP-6HM6

Affected Products

Pterodactyl