PT-2024-25678 · Unknown · Pterodactyl

Trixterthetux · Published 2024-05-03 · Updated 2025-06-06 · CVE-2024-34067

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Pterodactyl versions prior to 1.11.6
Description: Importing a malicious egg, or gaining access to a Wings instance, could lead to cross-site scripting (XSS) in the panel, potentially allowing an attacker to gain an administrator account: markup injected into the egg is persisted with it and rendered to administrators who view it. The impacted components are Egg Docker images and the Egg variable fields Name, Environment variable, Default value, Description, and Validation rules. Exploitation requires an administrator to perform specific actions (such as importing the egg) and cannot be triggered by a normal panel user.
Recommendations: For versions prior to 1.11.6, update to version 1.11.6 or later, which resolves the issue. There is no workaround other than updating. Until the update is applied, reduce exposure by importing eggs only from trusted sources and by limiting which administrators may create or edit Egg Docker images and Egg variables.
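Operators who cannot update immediately can at least refuse eggs that carry HTML-active content in the fields the advisory names. The script below is an added example, not Pterodactyl's own code or part of its fix: it lints an egg export before import and shows the HTML escaping the panel must apply when it renders those fields. The JSON layout (`docker_images` as a label-to-image mapping, `variables` entries with `name`, `env_variable`, `default_value`, `description`, `rules`) follows the PTDL_v2 egg export format as the author understands it and should be treated as an assumption; the sample egg is constructed for the demonstration and is not a real egg.

```python
"""Pre-import lint for Pterodactyl egg JSON (added example, not project code).

Flags markup- or script-capable content in the fields the advisory names as
XSS sinks: the Docker image entries and the variable name, env_variable,
default_value, description and rules.  Field names are assumed from the
PTDL_v2 egg export format.
"""
import html
import json
import re

# Anything that would change meaning once dropped into an HTML page.
# These fields are plain text by design, so any match is a finding.
_SUSPICIOUS = re.compile(
    r"<[a-zA-Z/!]"            # start of an HTML tag or comment
    r"|javascript\s*:"        # javascript: URL scheme
    r"|\bon[a-z]+\s*="        # inline event handler such as onerror=
    r"|&#x?[0-9a-fA-F]+;",    # numeric entity that could smuggle < or >
    re.IGNORECASE,
)

# The five variable fields listed in the advisory (assumed JSON key names).
VARIABLE_FIELDS = ("name", "env_variable", "default_value", "description", "rules")


def scan_egg(egg: dict) -> list[str]:
    """Return 'where: value' findings for every flagged field; empty list means clean."""
    findings = []
    # docker_images maps a display label to an image reference; both are rendered.
    for label, image in (egg.get("docker_images") or {}).items():
        for where, value in (("docker_images.key", label), (f"docker_images[{label!r}]", image)):
            if _SUSPICIOUS.search(str(value)):
                findings.append(f"{where}: {value}")
    for idx, var in enumerate(egg.get("variables") or []):
        for field in VARIABLE_FIELDS:
            value = var.get(field)
            if value is not None and _SUSPICIOUS.search(str(value)):
                findings.append(f"variables[{idx}].{field}: {value}")
    return findings


def scan_egg_json(text: str) -> list[str]:
    """Parse an egg export and scan it."""
    return scan_egg(json.loads(text))


def render_safely(value: str) -> str:
    """How any of these fields should reach the browser: escaped, quotes included."""
    return html.escape(str(value), quote=True)


# Constructed sample: a harmless-looking egg with one poisoned image label and
# one poisoned variable description.  Not a real egg from any repository.
MALICIOUS_EGG_JSON = r'''
{
  "meta": {"version": "PTDL_v2"},
  "name": "Example Server",
  "docker_images": {
    "Java 17 <img src=x onerror=alert(document.domain)>": "ghcr.io/pterodactyl/yolks:java_17"
  },
  "variables": [
    {
      "name": "Server Jar",
      "description": "Jar to run <script>fetch('/admin/users')</script>",
      "env_variable": "SERVER_JARFILE",
      "default_value": "server.jar",
      "user_viewable": true,
      "user_editable": true,
      "rules": "required|regex:/^([\\w\\d._-]+)(\\.jar)$/"
    },
    {
      "name": "Memory",
      "description": "Plain text description",
      "env_variable": "MEMORY",
      "default_value": "1024",
      "user_viewable": true,
      "user_editable": false,
      "rules": "required|numeric"
    }
  ]
}
'''

if __name__ == "__main__":
    for finding in scan_egg_json(MALICIOUS_EGG_JSON):
        print("FLAGGED", finding)
        print("  would render as:", render_safely(finding.split(": ", 1)[1]))
```

The lint deliberately errs toward false positives: a legitimate egg has no reason to contain `<`, `javascript:` or an `on...=` handler in a description or validation rule, so a flag is cheap to review by hand, while the missed case (an injected handler an administrator opens in the panel) is exactly what this advisory describes.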

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-34067
GHSA-384W-WFFR-X63Q

Affected Products

Pterodactyl