CVE-2024-23827

🗓️ 29 Jan 2024 16:07:13Reported by GitHub_MType

Nginx-UI allows arbitrary write to system via Import Certificate leading to remote code execution (CVE-2024-23827

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2024-23827	28 Jan 202407:07	–	circl
CNNVD	Nginx UI Path Traversal Vulnerability	29 Jan 202400:00	–	cnnvd
Cvelist	CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature	29 Jan 202416:07	–	cvelist
EUVD	EUVD-2024-0460	3 Oct 202520:07	–	euvd
Github Security Blog	Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature	29 Jan 202422:30	–	github
GitLab Advisory Database	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')	29 Jan 202400:00	–	gitlab
NVD	CVE-2024-23827	29 Jan 202416:15	–	nvd
OSV	CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature	29 Jan 202416:07	–	osv
OSV	GHSA-XVQ9-4VPV-227M Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature	29 Jan 202422:30	–	osv
OSV	GO-2024-2481 Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in github.com/0xJacky/Nginx-UI	28 Jun 202415:28	–	osv

NVD

Vulners

Node

nginxui nginx_uiMatch1.2.0-

nginxui nginx_uiMatch1.2.0alpha2

nginxui nginx_uiMatch1.2.0alpha3

nginxui nginx_uiMatch1.2.0alpha4

nginxui nginx_uiMatch1.2.0rc1

nginxui nginx_uiMatch1.2.0rc2

nginxui nginx_uiMatch1.2.0rc3

nginxui nginx_uiMatch1.2.1

nginxui nginx_uiMatch1.2.2

nginxui nginx_uiMatch1.3.0-

nginxui nginx_uiMatch1.3.0rc1

nginxui nginx_uiMatch1.3.1-

nginxui nginx_uiMatch1.3.1fix

nginxui nginx_uiMatch1.3.2

nginxui nginx_uiMatch1.3.3rc1

nginxui nginx_uiMatch1.4.0-

nginxui nginx_uiMatch1.4.0rc1

nginxui nginx_uiMatch1.4.1

nginxui nginx_uiMatch1.4.2

nginxui nginx_uiMatch1.5.0-

nginxui nginx_uiMatch1.5.0beta1

nginxui nginx_uiMatch1.5.0beta2

nginxui nginx_uiMatch1.5.0beta3

nginxui nginx_uiMatch1.5.0beta4

nginxui nginx_uiMatch1.5.0beta4_fix

nginxui nginx_uiMatch1.5.0beta5

nginxui nginx_uiMatch1.5.0beta6

nginxui nginx_uiMatch1.5.0beta7

nginxui nginx_uiMatch1.5.0beta8

nginxui nginx_uiMatch1.5.0beta9

nginxui nginx_uiMatch1.5.1

nginxui nginx_uiMatch1.5.2

nginxui nginx_uiMatch1.6.0-

nginxui nginx_uiMatch1.6.0fix

nginxui nginx_uiMatch1.6.1

nginxui nginx_uiMatch1.6.2

nginxui nginx_uiMatch1.6.3

nginxui nginx_uiMatch1.6.5

nginxui nginx_uiMatch1.6.6

nginxui nginx_uiMatch1.6.7

nginxui nginx_uiMatch1.6.8

nginxui nginx_uiMatch1.7.0-

nginxui nginx_uiMatch1.7.0patch

nginxui nginx_uiMatch1.7.1

nginxui nginx_uiMatch1.7.2

nginxui nginx_uiMatch1.7.3

nginxui nginx_uiMatch1.7.4

nginxui nginx_uiMatch1.7.5

nginxui nginx_uiMatch1.7.6

nginxui nginx_uiMatch1.7.7

nginxui nginx_uiMatch1.7.8

nginxui nginx_uiMatch1.7.9

nginxui nginx_uiMatch1.8.0

nginxui nginx_uiMatch1.8.1

nginxui nginx_uiMatch1.8.2

nginxui nginx_uiMatch1.8.3

nginxui nginx_uiMatch1.8.4-

nginxui nginx_uiMatch1.8.4patch

nginxui nginx_uiMatch1.9.9

nginxui nginx_uiMatch1.9.9-1

nginxui nginx_uiMatch1.9.9-2

nginxui nginx_uiMatch1.9.9-3

nginxui nginx_uiMatch1.9.9-4

nginxui nginx_uiMatch2.0.0beta1

nginxui nginx_uiMatch2.0.0beta10

nginxui nginx_uiMatch2.0.0beta10_patch

nginxui nginx_uiMatch2.0.0beta11

nginxui nginx_uiMatch2.0.0beta2

nginxui nginx_uiMatch2.0.0beta3

nginxui nginx_uiMatch2.0.0beta4

nginxui nginx_uiMatch2.0.0beta4_patch

nginxui nginx_uiMatch2.0.0beta5

nginxui nginx_uiMatch2.0.0beta5_patch

nginxui nginx_uiMatch2.0.0beta6

nginxui nginx_uiMatch2.0.0beta6_patch

nginxui nginx_uiMatch2.0.0beta6_patch2

nginxui nginx_uiMatch2.0.0beta7

nginxui nginx_uiMatch2.0.0beta8

nginxui nginx_uiMatch2.0.0beta8_patch

nginxui nginx_uiMatch2.0.0beta9

[
  {
    "vendor": "0xJacky",
    "product": "nginx-ui",
    "versions": [
      {
        "version": "< 2.0.0.beta.12",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m

21 Nov 2024 08:58Current

9.7High risk

Vulners AI Score9.7

CVSS 3.19.8

EPSS0.02965

SSVC

CWE-22