CVE-2023-25168 - OpenCVE

Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by Wings. This vulnerability has been resolved in version `v1.11.4` of Wings, and has been back-ported to the 1.7 release series in `v1.7.4`. Anyone running `v1.11.x` should upgrade to `v1.11.4` and anyone running `v1.7.x` should upgrade to `v1.7.4`. There are no known workarounds for this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pterodactyl	Wings

Configuration 1 [-]

OR	cpe:2.3:a:pterodactyl:wings::::::::
	cpe:2.3:a:pterodactyl:wings:1.11.0:-::::::
	cpe:2.3:a:pterodactyl:wings:1.11.1:::::::*
	cpe:2.3:a:pterodactyl:wings:1.11.2:::::::*
	cpe:2.3:a:pterodactyl:wings:1.11.3:::::::*

No data.

References

Link	Providers
https://github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25d83d
https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63
https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-02-08T23:43:29.094Z

Updated: 2024-08-02T11:18:35.642Z

Reserved: 2023-02-03T16:59:18.246Z

Link: CVE-2023-25168

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-09T00:16:36.907

Modified: 2023-11-07T04:08:54.787

Link: CVE-2023-25168

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-25168", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-02-03T16:59:18.246Z", "datePublished": "2023-02-08T23:43:29.094Z", "dateUpdated": "2024-08-02T11:18:35.642Z"}, "containers": {"cna": {"title": "Symbolic Link (Symlink) Following allowing the deletion of files and directories on the host system in wings", "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "lang": "en", "description": "CWE-59: Improper Link Resolution Before File Access ('Link Following')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63"}, {"name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5", "tags": ["x_refsource_MISC"], "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5"}, {"name": "https://github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25d83d", "tags": ["x_refsource_MISC"], "url": "https://github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25d83d"}], "affected": [{"vendor": "pterodactyl", "product": "wings", "versions": [{"version": "< 1.7.4", "status": "affected"}, {"version": ">= 1.11.0, < 1.11.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-02-08T23:43:29.094Z"}, "descriptions": [{"lang": "en", "value": "Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing \"server\" allocated and controlled by Wings. This vulnerability has been resolved in version `v1.11.4` of Wings, and has been back-ported to the 1.7 release series in `v1.7.4`. Anyone running `v1.11.x` should upgrade to `v1.11.4` and anyone running `v1.7.x` should upgrade to `v1.7.4`. There are no known workarounds for this issue."}], "source": {"advisory": "GHSA-66p8-j459-rq63", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T11:18:35.642Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63"}, {"name": "https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5"}, {"name": "https://github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25d83d", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25d83d"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pterodactyl:wings:*:*:*:*:*:*:*:*", "matchCriteriaId": "0EE2ACC4-DC54-4A78-AC93-F6CAAA120AB9", "versionEndExcluding": "1.7.4", "versionStartIncluding": "1.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:pterodactyl:wings:1.11.0:-:*:*:*:*:*:*", "matchCriteriaId": "4C6F3CF4-2AFF-4966-8DD4-D7FE674530C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:pterodactyl:wings:1.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "C72D6216-66D3-49D9-93BA-CCB5B4031569", "vulnerable": true}, {"criteria": "cpe:2.3:a:pterodactyl:wings:1.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7FBA78A-C90F-4800-9AD7-99F3C9CD3125", "vulnerable": true}, {"criteria": "cpe:2.3:a:pterodactyl:wings:1.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "C2846920-6C69-42F5-A766-61ED4CC923C7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attacker must have an existing \"server\" allocated and controlled by Wings. This vulnerability has been resolved in version `v1.11.4` of Wings, and has been back-ported to the 1.7 release series in `v1.7.4`. Anyone running `v1.11.x` should upgrade to `v1.11.4` and anyone running `v1.7.x` should upgrade to `v1.7.4`. There are no known workarounds for this issue."}], "id": "CVE-2023-25168", "lastModified": "2023-11-07T04:08:54.787", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-02-09T00:16:36.907", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25d83d"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "security-advisories@github.com", "type": "Secondary"}]}