FKIE_CVE-2024-49366
Vulnerability from fkie_nvd - Published: 2024-10-21 17:15 - Updated: 2024-11-07 15:15
Severity ?
Summary
Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value value in the form of `../../`. Arbitrary files can be written to the server, which may result in loss of permissions. Version 2.0.0-beta.26 fixes the issue.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:*:*:*:*:*:*:*:*",
"matchCriteriaId": "22A77A87-A811-4F69-A383-D7B7E5A4F3C2",
"versionEndIncluding": "1.9.9-4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3C287A7F-66B4-406A-B87B-B954A1CA6D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "D684FFEF-4451-49ED-A04D-CF74F45A2F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta10_patch:*:*:*:*:*:*",
"matchCriteriaId": "D5984B3A-40C9-4188-976C-E9EB166FA624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "EDE74B22-31D1-41D1-A5DD-DB4AAA7A7984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta12:*:*:*:*:*:*",
"matchCriteriaId": "B99C6CCE-C042-4AB1-9D47-2DFE59851BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta13:*:*:*:*:*:*",
"matchCriteriaId": "B484B49F-B83F-4E9F-BE87-059D7FE3BD51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta13-patch:*:*:*:*:*:*",
"matchCriteriaId": "D61FFDC5-D5DE-4608-A303-2A804D25200F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta14:*:*:*:*:*:*",
"matchCriteriaId": "56799738-9FD4-41EC-B259-3273165DE071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta15:*:*:*:*:*:*",
"matchCriteriaId": "B7CBB875-B2B8-473B-9F89-8CE4EF93819C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta16:*:*:*:*:*:*",
"matchCriteriaId": "B48C61F6-EE8C-4DA4-B2F1-58345C2A1507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta17:*:*:*:*:*:*",
"matchCriteriaId": "96DB1BA6-5BA0-4E54-B32B-C7B789A8C25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta18:*:*:*:*:*:*",
"matchCriteriaId": "7FB8C798-E100-4290-8341-174F3E5B7C6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta18-patch1:*:*:*:*:*:*",
"matchCriteriaId": "5E5F4274-4644-447B-9082-5F9491FD9D12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta18-patch2:*:*:*:*:*:*",
"matchCriteriaId": "4DF6E94E-E7DE-410B-AE2A-371D7FFFAB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta19:*:*:*:*:*:*",
"matchCriteriaId": "3715D4C4-C7E1-4B1D-8D06-2256065010A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "25DD91AC-465B-4A43-A79F-4DE47243741C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta20:*:*:*:*:*:*",
"matchCriteriaId": "2ED9DDCE-D3CE-4F8C-AEC8-E8632BC8F2EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta21:*:*:*:*:*:*",
"matchCriteriaId": "7DE84C54-309D-4A91-9597-B09EF587B2EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta22:*:*:*:*:*:*",
"matchCriteriaId": "F81DFE2E-33CF-4ED6-B1F3-8DF059418AE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta23:*:*:*:*:*:*",
"matchCriteriaId": "F6ADBCF5-1898-4B98-9F78-B9CE03E319DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta23-patch1:*:*:*:*:*:*",
"matchCriteriaId": "F29790DF-EF6C-4C78-8479-8C2155685156",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta23-ptach2:*:*:*:*:*:*",
"matchCriteriaId": "70EBD5F7-DC32-4534-9F0B-10D0B8629CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta24:*:*:*:*:*:*",
"matchCriteriaId": "2CABC38D-7F44-4501-9889-125B988682A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta25:*:*:*:*:*:*",
"matchCriteriaId": "5A7219E9-21D1-4F39-AC78-155468E48F06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta25-patch1:*:*:*:*:*:*",
"matchCriteriaId": "A5526972-5733-4F85-8208-F66BAA73ADA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta25-ptach2:*:*:*:*:*:*",
"matchCriteriaId": "D3B74576-733E-4C21-A0A1-B03B5F6CB58E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta27:*:*:*:*:*:*",
"matchCriteriaId": "8F947576-8B6B-40BA-A2A7-DF21A5501033",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta28:*:*:*:*:*:*",
"matchCriteriaId": "091FA173-5470-45B7-BBED-7DF06B5646F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta29:*:*:*:*:*:*",
"matchCriteriaId": "08052F6C-9D02-4EF3-BF93-EF4A16AD53FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "115588C7-D947-4576-9E6C-B5AF1FCE9A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta30:*:*:*:*:*:*",
"matchCriteriaId": "432993A8-AAC1-4245-A0F1-BADED990EF01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta31:*:*:*:*:*:*",
"matchCriteriaId": "3C29B365-6A28-4E28-BA04-FA2158E3A6B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta32:*:*:*:*:*:*",
"matchCriteriaId": "ED82D9C5-837C-4258-A7A1-1FA8CB6E13CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta32-patch1:*:*:*:*:*:*",
"matchCriteriaId": "142C0FD2-7B0A-48D5-BF2D-62790C20444C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta33:*:*:*:*:*:*",
"matchCriteriaId": "202A862C-BE02-4716-9A9B-A779678C5A6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta34:*:*:*:*:*:*",
"matchCriteriaId": "DDB5ACE0-6911-4AFE-A5FB-ED5EC67F38A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta35:*:*:*:*:*:*",
"matchCriteriaId": "6D67DDA9-8946-40EB-83B0-93AE3E31E310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "BBB20EA3-F3CF-42AF-A217-D5DF7A7ADD70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4_patch:*:*:*:*:*:*",
"matchCriteriaId": "81A6C732-FBF2-44A8-B810-456E54B59A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8C5664E5-150E-4B4B-BA0C-420738820FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5_patch:*:*:*:*:*:*",
"matchCriteriaId": "7E764AA1-3060-441F-8F14-ADD165316741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "04A3E84F-91AA-420A-B908-3393E037AC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch:*:*:*:*:*:*",
"matchCriteriaId": "828EAE87-24E5-4F31-B301-BA2F96BDEA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch2:*:*:*:*:*:*",
"matchCriteriaId": "45710D36-954A-4450-B622-CB0F368DF544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "2B57EEFB-5518-4BD5-998A-34B6690A6F4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "8EDF4CEE-F24D-441B-92A8-7F5A2B41487E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8_patch:*:*:*:*:*:*",
"matchCriteriaId": "F0275FDF-BAE8-4909-8991-6FCE34B8905E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "B52F973F-A2F2-40C2-9936-9447B5803CFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value value in the form of `../../`. Arbitrary files can be written to the server, which may result in loss of permissions. Version 2.0.0-beta.26 fixes the issue."
},
{
"lang": "es",
"value": "Nginx UI es una interfaz de usuario web para el servidor web Nginx. Nginx UI v2.0.0-beta.35 y anteriores obtienen el valor del campo json sin verificaci\u00f3n y pueden construir un valor en forma de `../../`. Se pueden escribir archivos arbitrarios en el servidor, lo que puede provocar la p\u00e9rdida de permisos. La versi\u00f3n 2.0.0-beta.26 corrige el problema."
}
],
"id": "CVE-2024-49366",
"lastModified": "2024-11-07T15:15:04.587",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-10-21T17:15:03.567",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
],
"url": "https://github.com/0xJacky/nginx-ui/releases/tag/v2.0.0-beta.36"
},
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-prv4-rx44-f7jr"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…