pterodactyl/panel Security Advisories for v0.5.7 (10)
-
[MEDIUM] Pterodactyl TOTPs can be reused during validity window
PKSA-nk76-8zr3-7ywp CVE-2025-69197 GHSA-rgmp-4873-r683
Affected version: <1.12.0
Reported by:
GitHub -
[HIGH] Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced
PKSA-zfwd-jx3t-62gc CVE-2025-68954 GHSA-8c39-xppg-479c
Affected version: <1.12.0
Reported by:
GitHub -
[LOW] Pterodactyl has a Reflected XSS vulnerability in “Create New Database Host”
PKSA-5dmg-k8vm-rbb6 GHSA-mgr9-6c2j-jxrq
Affected version: <1.12.0
Reported by:
GitHub -
[CRITICAL] Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution
PKSA-7fcd-gcsm-y5fk CVE-2025-49132 GHSA-24wv-6c99-f843
Affected version: <=1.11.10
Reported by:
GitHub -
[MEDIUM] Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled
PKSA-r7r5-9g2g-bhnx CVE-2024-49762 GHSA-c479-wq8g-57hr
Affected version: <1.11.8
Reported by:
GitHub -
[MEDIUM] Pterodactyl panel's admin area vulnerable to Cross-site Scripting
PKSA-w7w4-x3d5-y8hz CVE-2024-34067 GHSA-384w-wffr-x63q
Affected version: <1.11.6
Reported by:
GitHub -
[HIGH] Pterodactyl vulnerable to 2FA Sniffing
PKSA-p6s7-nx8q-jntj CVE-2019-1020002 GHSA-fg52-xjfc-9rh8
Affected version: <=0.7.13
Reported by:
GitHub -
[MEDIUM] Insufficient Session Expiration in Pterodactyl API
PKSA-2ydv-ypnd-xrp7 GHSA-7v3x-h7r2-34jv
Affected version: <1.7.0
Reported by:
GitHub -
[MEDIUM] Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
PKSA-yr2t-b9wk-qw33 CVE-2021-41273 GHSA-wwgq-9jhf-qgw6
Affected version: <1.6.6
Reported by:
GitHub -
[MEDIUM] XSS vulnerability when listing users on add & modify server pages.
PKSA-cmcr-x57y-1pq2 GHSA-5822-pw57-vv37
Affected version: >=1.0.0-rc.0,<=1.0.0-rc.6|<0.7.19
Reported by:
GitHub