GHSA-g7vw-f8p5-c728: Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization
critical vulnerability
security
Summary
The Pterodactyl Panel (server management software) remote API has a missing authorization check: any caller holding a node secret token (the credential a node uses to talk to the panel) can retrieve configuration data for, and manipulate, servers assigned to other nodes that the token should not be able to reach. The attacker must first obtain a node token, but once they have one they can read sensitive server information, fetch installation scripts that contain secrets, and even delete servers on other nodes.
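The defect described above is an authorization check that stops at "is this a valid node token?" without asking "does the requested server belong to this node?". The following Python sketch is an added illustration, not Pterodactyl's own code: the `Node`/`Server` records, the token table, the endpoint functions and the audit log are all constructed for the example. It shows the incomplete check next to a node-scoped one, and records cross-node attempts so they can be alerted on.

```python
"""Node-scoped authorization for a node-to-panel API (constructed example)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Node:
    id: int
    token: str


@dataclass
class Server:
    uuid: str
    node_id: int            # the node this server is assigned to
    install_script: str     # may embed secrets; only the owning node should see it


class Unauthorized(Exception):
    """No valid node token presented."""


class NotFound(Exception):
    """Server does not exist *for this node* (existence is not leaked across nodes)."""


# Constructed sample data (hypothetical tokens and UUIDs, not real values).
NODES: Dict[str, Node] = {
    "tok-node-a": Node(id=1, token="tok-node-a"),
    "tok-node-b": Node(id=2, token="tok-node-b"),
}
SERVERS: Dict[str, Server] = {
    "srv-1111": Server("srv-1111", node_id=1, install_script="export DB_PASS=secret-a"),
    "srv-2222": Server("srv-2222", node_id=2, install_script="export DB_PASS=secret-b"),
}
AUDIT_LOG: List[str] = []  # a real deployment would ship these lines to a SIEM


def authenticate(token: str) -> Node:
    """Authentication only: proves the caller is *some* registered node."""
    node = NODES.get(token)
    if node is None:
        raise Unauthorized("bad node token")
    return node


def get_server_config_unscoped(token: str, uuid: str) -> Server:
    """The flawed pattern: authenticate, then look the server up globally."""
    authenticate(token)
    server = SERVERS.get(uuid)
    if server is None:
        raise NotFound(uuid)
    return server           # any node token can read any server's install script


def load_server_for_node(node: Node, uuid: str) -> Server:
    """Scope the lookup to the authenticated node; cross-node hits look like 404."""
    server = SERVERS.get(uuid)
    if server is None or server.node_id != node.id:
        # Log the attempt (detection signal) without revealing whether the UUID exists.
        AUDIT_LOG.append(f"node={node.id} denied access to server={uuid}")
        raise NotFound(uuid)
    return server


def get_server_config_scoped(token: str, uuid: str) -> Server:
    """Authorization = authentication + ownership check on every server endpoint."""
    return load_server_for_node(authenticate(token), uuid)


def delete_server_scoped(token: str, uuid: str) -> bool:
    """Destructive endpoints get the same ownership check, not just read endpoints."""
    server = load_server_for_node(authenticate(token), uuid)
    del SERVERS[server.uuid]
    return True


if __name__ == "__main__":
    # Node B's token reading Node A's server: leaks with the unscoped check...
    print(get_server_config_unscoped("tok-node-b", "srv-1111").install_script)
    # ...and is refused (and logged) with the scoped one.
    try:
        get_server_config_scoped("tok-node-b", "srv-1111")
    except NotFound:
        print("denied:", AUDIT_LOG[-1])
```

The important design point is that the ownership check lives in one helper (`load_server_for_node`) that every server-level endpoint, read or destructive, goes through; a missing-authorization bug of this kind usually comes from one endpoint doing its own lookup and skipping the scope. Returning the same "not found" for wrong-node and nonexistent UUIDs keeps a leaked token from being used to enumerate other nodes' servers.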
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Sophistication: Moderate
Affected Packages
pterodactyl/panel@< 1.12.1 (fixed: 1.12.1)
Original source: https://github.com/advisories/GHSA-g7vw-f8p5-c728
First tracked: February 17, 2026 at 02:12 PM
Classified by LLM (prompt v3) · confidence: 95%