PT-2024-21651 · Pterodactyl · Pterodactyl Wings
Kurtthiemann · Published 2024-03-13 · Updated 2024-06-04
CVE-2024-27102
CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Pterodactyl Wings versions prior to 1.11.9
Description
This issue impacts anyone running the affected versions of Wings, potentially allowing access to files and directories on the host system. The full scope of impact is unknown, but reading files outside of a server's base directory is possible. An attacker must have an existing server allocated and controlled by Wings to exploit this issue. Details on exploitation are embargoed until March 27th, 2024, at 18:00 UTC.
Recommendations
Update to version 1.11.9 to mitigate this issue. As there are no known workarounds, updating to the specified version is the recommended course of action. If you notice any major semantic differences after updating, please open an issue on the issue tracker so it can be resolved.
Exploit
Fix
Path traversal
Race Condition
Related Identifiers
Affected Products
Pterodactyl Wings