GSD-2024-23827
Vulnerability from gsd - Updated: 2024-01-23 06:02
Details
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary file writes on the system: it does not check whether the user-supplied input is actually a certificate/key, and it allows writing to arbitrary paths on the system. The vulnerability can be leveraged into remote code execution by overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-23827"
],
"details": "Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It\u0027s possible to leverage the vulnerability into a remote code execution overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue.",
"id": "GSD-2024-23827",
"modified": "2024-01-23T06:02:22.070610Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2024-23827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nginx-ui",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 2.0.0.beta.12"
}
]
}
}
]
},
"vendor_name": "0xJacky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It\u0027s possible to leverage the vulnerability into a remote code execution overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-22",
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m",
"refsource": "MISC",
"url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m"
}
]
},
"source": {
"advisory": "GHSA-xvq9-4vpv-227m",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E5EB4B0D-CE6A-45CE-8971-15BBB0722394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "347055AA-23A7-4D03-A46B-0A51A0357EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "9D17A6DA-3309-4029-9DAD-76ABAA1EA38A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "2E720E78-E724-4E65-9AFC-BC83E2B6405F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F445EB2-0B0B-44D1-9A6F-A23BB7CBA264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6D4CD22F-4078-4EA1-8790-D6FD110A2893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FE185FE-3B3F-4E46-8812-2512B25E3AD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "861646B0-3CD6-4037-9EE4-550B9B7E5FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D82994-E977-4148-9E6D-EB87E77EC702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B30244FF-039B-44F2-AC1A-5FDB7F98A2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "45F8125A-57BE-4E62-94A2-FBDD0BCB67E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "73DB5C6F-0F75-44F4-B47F-44F3805C0E09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.1:fix:*:*:*:*:*:*",
"matchCriteriaId": "D9D6B6EA-823D-4D36-84DC-69CB14AA3120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B31BCF4-F00E-42E1-9BCA-F7C0D164FB7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B098A3C6-DFE3-41C5-AADB-52C36A08F566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5F5057DF-FA0A-4A41-BC6F-0F20529BACAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C7F7B02B-C43C-4E57-B844-F1708125BAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6CBAAD-0A17-4E43-965B-C525DADCA3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EBA5C6E-25FC-4952-BA2C-6C44770D8861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "BDA3575B-E64E-42AD-A12C-ADD2BD61065C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "659E6E9F-A297-4115-884B-C4D7EE2CB155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "4E1A2B34-9B82-429D-83E4-951344B31CAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "B43B60D3-743D-4965-B0FF-3FBDA3DFB7B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "36DB77DA-4ED4-4800-8251-EB4F4BBA4A1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta4_fix:*:*:*:*:*:*",
"matchCriteriaId": "E9596AB0-0985-45A3-9EC4-4331A62E59D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "A7659CD3-117A-427A-BDAB-E9580D0CE0A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "8D398E64-80C0-4E7F-9BAB-37200FE42EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "9CF56792-52E6-4A24-8488-8DBCE0DF2E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "2D59E88D-CFF0-4039-A236-86AEFA9D6135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "F6C8AFA8-8F62-43A3-99E3-D2BA31B94AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED48548E-A6AB-4AE7-B70F-540F13FA3171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C645D38E-9AF7-4334-96B0-B674A2DD0E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B3B50213-0F6A-4C86-A819-BC4CEC4CD6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.0:fix:*:*:*:*:*:*",
"matchCriteriaId": "5EAB6269-238F-4342-BFF3-8D52E068A797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "830987AC-8021-4898-B031-5D158A2EBFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C48387B2-B727-4184-9AEE-F2641F14B96F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF0BF25-8BBD-408E-AD26-2F5A5A7A8799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E90DD77-C9D3-418B-A77D-6B6513F1B2CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F01E473A-7007-43B3-8801-4EDCB94433B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BF5C23AA-D701-4153-A798-BC62D2227E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FD3E2589-AA3E-4FBD-9BE0-8C6343AA2D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3F287D86-DE0B-4EFA-A59B-26142539F4C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "F6CA517E-298A-4594-A5C3-01D714B45FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E988C01A-A8E8-4A78-86FE-D479E85D1C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3089766-C08D-46ED-96CD-FBD23918CE91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7556CA53-63DB-456A-9F4F-D2216577214B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7D3809-15E2-46D7-B655-872D39516423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "10DF1FCF-60F0-4E1E-B527-038D62D70061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "692F6EB8-A3DA-41D4-ADC0-A62475056CCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DB220C58-FEB5-4D00-856A-B8F02089EC69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3F256AE5-04EC-4F8E-BBC4-76F16736E275",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C5878D75-96C7-44AB-8982-705FBC2A7825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2FBE3D-3B56-4E56-8156-63FE4F1B8CF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00B0C7D6-30BF-4ABD-A72C-795D60DC5CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC05EA49-627E-4A40-ABB0-E590623C0B90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47930D99-B18D-4A65-B49E-060B661919E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.4:-:*:*:*:*:*:*",
"matchCriteriaId": "6C3B1880-D8EB-40CA-B241-02B3C8B49869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.4:patch:*:*:*:*:*:*",
"matchCriteriaId": "E7700F38-C7DD-4F86-B3DE-C3C9A28370A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C994DA95-D877-4319-911A-90918A9C566F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.9.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB27842-9235-4E3D-9E07-5DC873560D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.9.9-2:*:*:*:*:*:*:*",
"matchCriteriaId": "598FBDD0-E019-4AA5-B561-65B4D1BE084A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.9.9-3:*:*:*:*:*:*:*",
"matchCriteriaId": "489C42D9-39E2-4491-B318-18A20732ED62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.9.9-4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E801BBB-76D3-4873-A431-549FE7DE5451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3C287A7F-66B4-406A-B87B-B954A1CA6D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "D684FFEF-4451-49ED-A04D-CF74F45A2F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta10_patch:*:*:*:*:*:*",
"matchCriteriaId": "D5984B3A-40C9-4188-976C-E9EB166FA624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "EDE74B22-31D1-41D1-A5DD-DB4AAA7A7984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "25DD91AC-465B-4A43-A79F-4DE47243741C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "115588C7-D947-4576-9E6C-B5AF1FCE9A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "BBB20EA3-F3CF-42AF-A217-D5DF7A7ADD70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4_patch:*:*:*:*:*:*",
"matchCriteriaId": "81A6C732-FBF2-44A8-B810-456E54B59A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8C5664E5-150E-4B4B-BA0C-420738820FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5_patch:*:*:*:*:*:*",
"matchCriteriaId": "7E764AA1-3060-441F-8F14-ADD165316741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "04A3E84F-91AA-420A-B908-3393E037AC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch:*:*:*:*:*:*",
"matchCriteriaId": "828EAE87-24E5-4F31-B301-BA2F96BDEA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch2:*:*:*:*:*:*",
"matchCriteriaId": "45710D36-954A-4450-B622-CB0F368DF544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "2B57EEFB-5518-4BD5-998A-34B6690A6F4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "8EDF4CEE-F24D-441B-92A8-7F5A2B41487E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8_patch:*:*:*:*:*:*",
"matchCriteriaId": "F0275FDF-BAE8-4909-8991-6FCE34B8905E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "B52F973F-A2F2-40C2-9936-9447B5803CFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It\u0027s possible to leverage the vulnerability into a remote code execution overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue."
},
{
"lang": "es",
"value": "Nginx-UI es una interfaz web para administrar configuraciones de Nginx. La funci\u00f3n Import Certificate permite la escritura arbitraria en el sistema. La funci\u00f3n no verifica si la entrada del usuario proporcionada es una certificaci\u00f3n/clave y permite escribir en rutas arbitrarias en el sistema. Es posible aprovechar la vulnerabilidad para ejecutar c\u00f3digo remoto sobrescribiendo el archivo de configuraci\u00f3n app.ini. La versi\u00f3n 2.0.0.beta.12 solucion\u00f3 el problema."
}
],
"id": "CVE-2024-23827",
"lastModified": "2024-02-08T16:42:39.110",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-01-29T16:15:09.867",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.