CVE-2023-32080

Name of the Vulnerable Software and Affected Versions Wings versions prior to 1.7.5 Wings versions 1.11.0 through 1.11.5

Description The issue affects Wings, allowing attackers to gain access to the host system if they can modify a server's install script or if the install script executes code supplied by the user, potentially through environment variables or commands based on user data. This can be exploited if an administrator account on a Panel is compromised, especially considering certain eggs unknowingly execute shell commands with escalated privileges from untrusted user data.

Recommendations For Wings versions prior to 1.7.5, upgrade to version 1.7.5. For Wings versions 1.11.0 through 1.11.5, upgrade to version 1.11.6. As a temporary mitigation measure, consider running Wings with a rootless container runtime, though this may not be feasible for most users following the Wings documentation. Additionally, enabling SELinux may prevent certain operations against the host system, but its effectiveness is limited with privileged containers.