Source |
CVE List |
Identifier |
8308392 |
Publication date |
2023-02-08 19:15:11 (viewed: 2023-02-08 22:08:20) |
Title |
CVE-2023-25152 |
Text |
Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, promote their containers to privileged mode, or potentially add SSH authorized keys to allow the attacker access to a remote shell on the target machine. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by the Wings Daemon. This vulnerability has been resolved in version `v1.11.3` of the Wings Daemon, and has been back-ported to the 1.7 release series in `v1.7.3`. Anyone running `v1.11.x` should upgrade to `v1.11.3` and anyone running `v1.7.x` should upgrade to `v1.7.3`. There are no known workarounds for this vulnerability. |
Notes |
|
Sent |
Yes |
Tags |
Vulnerability
|
Stories |
|