Lucene search
Veracode Vulnerability DatabaseVERACODE:39237HistoryFeb 12, 2023 - 3:47 p.m.
Arbitrary File Deletion
2023-02-1215:47:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
13
arbitrary file deletion
remote authenticated attacker
filesystem vulnerability
overwrite existing files
cve-2023-25152
github
pterodactyl wingso
EPSS
0.001
Percentile
43.3%
github.com/pterodactyl/wingso is vulnerable to Arbitrary File Deletion. A remote authenticated attacker is able to delete files and directories recursively on the host system via the vulnerable Delete function of filesystem.go. This vulnerability can further be exploited to overwrite existing files by combining it with CVE-2023-25152.
References
github.com/pterodactyl/wings/commit/429ac62dba22997a278bc709df5ac00a5a25d83d
github.com/pterodactyl/wings/commit/dcbc59790db8d12bc256e69cc46a8123bd514fab
github.com/pterodactyl/wings/security/advisories/GHSA-66p8-j459-rq63
github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5
github.com/pterodactyl/wings/security/advisories/GHSA-p8r3-83r8-jwj5
Related
osv
osv
prion
prion
Design/Logic Flaw
2023-02-08 19:15:00
Design/Logic Flaw
2023-02-09 00:16:00
cvelist
cvelist
nvd
nvd
CVE-2023-25152
2023-02-08 19:15:11
CVE-2023-25168
2023-02-09 00:16:36
github
github
cve
cve
CVE-2023-25152
2023-02-08 19:15:11
CVE-2023-25168
2023-02-09 00:16:36
veracode
veracode
Privilege Escalation
2023-02-12 14:41:38
ubuntu
ubuntu
Thunderbird vulnerabilities
2023-03-27 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-5972-1)
2023-03-28 00:00:00