PT-2021-24355 · Pterodactyl · Pterodactyl Wings

Trixterthetux · Published 2021-06-23 · Updated 2025-02-21 · CVE-2024-34068

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Pterodactyl Wings versions prior to 1.11.2
Description: An authenticated user with access to a game server can bypass previously implemented access control, potentially accessing resources on local networks that would otherwise be inaccessible. Through the pull endpoint, malicious users can reach internal endpoints of the node hosting Wings. The estimated number of potentially affected devices is not specified.
Recommendations: Upgrade versions prior to 1.11.2 to version 1.11.2 or later to resolve the issue. As a temporary workaround for users unable to upgrade, enable the api.disable_remote_download option.

Exploit

Fix

SSRF

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2024-34068
GHSA-6RG3-8H8X-5XFV
GHSA-QQ22-JJ8X-4WWV
GO-2024-2815

Affected Products

Pterodactyl Wings