Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tNDlmLWhjeHAtNmhtNs0WsA
pterodactyl/panel CSRF allowing an external page to trigger a user logout event
Impact
A malicious user can trigger a user logout if a signed in user visits a malicious website that makes a request to the Panel's sign-out endpoint. This requires a targeted attack against a specific Panel instance, and serves only to sign a user out. No user details are leaked, nor is any user data affected, this is simply an annoyance at worst.
Patches
None.
Workarounds
None.
For more information
If you have any questions or comments about this advisory please contact Tactical Fish#8008
on Discord, or email [email protected]
.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tNDlmLWhjeHAtNmhtNs0WsA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 3 years ago
Updated: over 1 year ago
EPSS Percentage: 0.00089
EPSS Percentile: 0.39305
Identifiers: GHSA-m49f-hcxp-6hm6, CVE-2021-41176
References:
- https://github.com/pterodactyl/panel/security/advisories/GHSA-m49f-hcxp-6hm6
- https://github.com/pterodactyl/panel/commit/45999ba4ee1b2dcb12b4a2fa2cedfb6b5d66fac2
- https://github.com/pterodactyl/panel/releases/tag/v1.6.3
- https://nvd.nist.gov/vuln/detail/CVE-2021-41176
- https://github.com/advisories/GHSA-m49f-hcxp-6hm6
Blast Radius: 1.0
Affected Packages
packagist:pterodactyl/panel
Dependent packages: 0Dependent repositories: 0
Downloads: 133 total
Affected Version Ranges: >= 1.0.0, < 1.6.3
Fixed in: 1.6.3
All affected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1, 1.2.2, 1.3.0, 1.3.1, 1.3.2, 1.4.0, 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.6.0, 1.6.1, 1.6.2
All unaffected versions: 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.5.4, 0.5.5, 0.5.6, 0.5.7, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.6.4, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.7.7, 0.7.8, 0.7.9, 0.7.10, 0.7.11, 0.7.12, 0.7.13, 0.7.14, 0.7.15, 0.7.16, 0.7.17, 0.7.18, 0.7.19, 1.6.3, 1.6.5, 1.6.6, 1.7.0, 1.8.0, 1.8.1, 1.9.0, 1.9.1, 1.9.2, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.10.4, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 1.11.7, 1.11.8, 1.11.9, 1.11.10