CVE-2024-27102

9.9 CRITICAL

📋 TL;DR

This vulnerability in Pterodactyl Wings allows authenticated attackers with server access to read files outside their allocated sandbox directory, potentially accessing sensitive host system files. It affects all Wings users running versions before 1.11.9. The exact scope is unknown but includes file disclosure from the host filesystem.

💻 Affected Systems

Products:
  • Pterodactyl Wings
Versions: All versions before 1.11.9
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have an existing server allocated and controlled by Wings

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete host filesystem compromise including reading sensitive configuration files, credentials, and potentially escalating to full system control.

🟠 Likely Case

Unauthorized reading of sensitive files outside the sandbox, potentially exposing credentials, configuration data, or other server files.

🟢 If Mitigated

Limited impact if proper network segmentation and minimal privileges are already implemented, though file disclosure remains possible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation details embargoed until March 27, 2024. Requires authenticated access to a Wings-controlled server.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.11.9

Vendor Advisory: https://github.com/pterodactyl/wings/security/advisories/GHSA-494h-9924-xww9

Restart Required: Yes

Instructions:

1. Stop all Wings instances.
2. Update to version 1.11.9 using your package manager or manual installation.
3. Restart the Wings service.
4. Verify all servers are functioning correctly.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Wings instances from sensitive systems
  • Apply principle of least privilege to all user accounts and server permissions

🔍 How to Verify

Check if Vulnerable:

Check the Wings version with 'wings --version', or examine the service logs for version information.

Check Version:

wings --version

Verify Fix Applied:

Confirm the reported version is 1.11.9 or higher using 'wings --version'.
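The version check above is easy to get wrong when scripted across a fleet, because a plain string comparison ranks "1.11.10" below "1.11.9". The following is an added example (not code from the advisory or from the Pterodactyl project) that extracts the numeric triple from `wings --version` output and compares it component by component against the 1.11.9 fix version. The exact wording of the CLI output is an assumption; only the first x.y.z triple in it is relied on.

```python
import re
import subprocess

FIXED_VERSION = (1, 11, 9)  # first release containing the fix, per the advisory
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Pull the first x.y.z triple out of CLI output.

    The surrounding wording of `wings --version` is assumed, not known from the
    advisory, so nothing but the numeric triple is relied on.
    """
    match = VERSION_RE.search(text)
    if match is None:
        raise ValueError(f"no version triple found in {text!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(version):
    """Tuple comparison is numeric per component, unlike comparing the raw strings."""
    return version < FIXED_VERSION


def assess(text):
    """Return (version_tuple, vulnerable) for captured `wings --version` output."""
    version = parse_version(text)
    return version, is_vulnerable(version)


def assess_local_install():
    """Run the binary on this host; raises FileNotFoundError if wings is not on PATH."""
    result = subprocess.run(
        ["wings", "--version"], capture_output=True, text=True, check=True
    )
    # Some tools print their version to stderr, so look at both streams.
    return assess(result.stdout + result.stderr)


if __name__ == "__main__":
    try:
        version, vulnerable = assess_local_install()
    except FileNotFoundError:
        raise SystemExit("wings binary not found on PATH")
    status = "VULNERABLE, update to 1.11.9" if vulnerable else "patched"
    print("wings %d.%d.%d -> %s" % (*version, status))
```

Run it on each Wings host; a non-zero exit or a "VULNERABLE" line marks a node that still needs the 1.11.9 update.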

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns
  • Requests attempting to access paths outside normal server directories
  • Errors related to file permission violations

Network Indicators:

  • Unusual outbound connections from Wings instances
  • Traffic patterns suggesting file exfiltration

SIEM Query:

source="wings" AND (event="file_access" OR event="permission_error") AND path CONTAINS ".."
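A literal `path CONTAINS ".."` match, as in the query above, misses percent-encoded dot segments and flags harmless in-root paths such as `plugins/../config`. The block below is an added example (not code from the advisory or from the Pterodactyl project) of detection logic that decodes each requested path, resolves it against the server's volume root and reports only requests that actually leave that root, with a lower-severity note for in-root `..` use. The JSON-lines log shape, the field names and the `/srv/wings/volumes/...` roots are constructed for this example; Wings' real log format is not shown on this page.

```python
import json
import posixpath
from urllib.parse import unquote

# Constructed sample log lines in a JSON-lines shape assumed for this example.
# Field names and volume roots are invented; they are not Wings' real format.
SAMPLE_LOG = """\
{"event":"file_access","server":"srv-01","root":"/srv/wings/volumes/srv-01","path":"logs/latest.log"}
{"event":"file_access","server":"srv-01","root":"/srv/wings/volumes/srv-01","path":"plugins/../config/server.properties"}
{"event":"file_access","server":"srv-01","root":"/srv/wings/volumes/srv-01","path":"../../etc/hostname"}
{"event":"permission_error","server":"srv-02","root":"/srv/wings/volumes/srv-02","path":"%2e%2e/%2e%2e/etc/hostname"}
{"event":"file_access","server":"srv-02","root":"/srv/wings/volumes/srv-02","path":"world/region/r.0.0.mca"}
{"event":"console","server":"srv-02","root":"/srv/wings/volumes/srv-02","path":"../ignored-event-type"}
"""

# Same event types the SIEM query above keys on.
WATCHED_EVENTS = {"file_access", "permission_error"}


def decode_path(raw):
    """Percent-decode twice so single- and double-encoded dot segments become visible."""
    return unquote(unquote(raw))


def resolve_in_root(root, requested):
    """Resolve a server-relative request against its volume root, POSIX-style."""
    root = posixpath.normpath(root)
    return posixpath.normpath(posixpath.join(root, requested.lstrip("/")))


def escapes_root(root, requested):
    """True if the normalised target is not the root itself or a descendant of it."""
    root = posixpath.normpath(root)
    target = resolve_in_root(root, requested)
    # The trailing "/" stops "/volumes/srv-010" from matching root "/volumes/srv-01".
    return target != root and not target.startswith(root + "/")


def classify(record):
    """Return a reason string if the record looks like a traversal attempt, else None."""
    if record.get("event") not in WATCHED_EVENTS:
        return None
    decoded = decode_path(record.get("path", ""))
    if escapes_root(record["root"], decoded):
        return "resolves outside volume root"
    if ".." in decoded.split("/"):
        return "contains '..' segment (stays inside root)"
    return None


def scan(log_text):
    """Return (server, raw_path, reason) for every suspicious record in the log."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        record = json.loads(line)
        reason = classify(record)
        if reason:
            findings.append((record["server"], record["path"], reason))
    return findings


if __name__ == "__main__":
    for server, path, reason in scan(SAMPLE_LOG):
        print(f"{server}: {path!r} -> {reason}")
```

On the sample input this reports three records: the in-root `plugins/../config` access as a low-severity note, and the two requests that resolve to `/srv/wings/etc/hostname`, one of which is percent-encoded and would have slipped past the literal `..` query. Treat "resolves outside volume root" hits on a pre-1.11.9 node as incidents to investigate, not just noise.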
