Lucene search

GitHub Advisory DatabaseGHSA-QCJQ-7F7V-PVC8

HistoryJan 29, 2024 - 10:30 p.m.

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF

2024-01-2922:30:24

CWE-74

GitHub Advisory Database

github.com

nginx-ui

rce

crlf

injection

app.ini

authenticated

remote execution

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

Summary

Fix bypass to the following bugs

Allowing to inject directly in the app.ini via CRLF to change the value of test_config_cmd and start_cmd resulting in an Authenticated RCE

Impact

Authenticated Remote execution on the host

Affected configurations

Vulners

Node

github.com\/0xjacky\/nginxuiRange<2.0.0-beta.12

CPENameOperatorVersion
github.com/0xjacky/nginx-uilt2.0.0-beta.12

CPE	Name	Operator	Version
	github.com/0xjacky/nginx-ui	lt	2.0.0-beta.12

References

github.com/0xJacky/nginx-ui/commit/d70e37c8575e25b3da7203ff06da5e16c77a42d1

github.com/0xJacky/nginx-ui/security/advisories/GHSA-qcjq-7f7v-pvc8

github.com/advisories/GHSA-qcjq-7f7v-pvc8

nvd.nist.gov/vuln/detail/CVE-2024-23828

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

Related for GHSA-QCJQ-7F7V-PVC8