Lucene search

GoogleOSV:GHSA-QCJQ-7F7V-PVC8

HistoryJan 29, 2024 - 10:30 p.m.

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF

2024-01-2922:30:24

Google

osv.dev

nginx-ui

authenticated

remote execution

crlf

injection

app.ini

config

bypass

security advisory

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

Summary

Fix bypass to the following bugs

Allowing to inject directly in the app.ini via CRLF to change the value of test_config_cmd and start_cmd resulting in an Authenticated RCE

Impact

Authenticated Remote execution on the host

CPENameOperatorVersion
github.com/0xjacky/nginx-uilt2.0.0-beta.12

CPE	Name	Operator	Version
	github.com/0xjacky/nginx-ui	lt	2.0.0-beta.12

References

github.com/0xJacky/nginx-ui

github.com/0xJacky/nginx-ui/commit/d70e37c8575e25b3da7203ff06da5e16c77a42d1

github.com/0xJacky/nginx-ui/security/advisories/GHSA-qcjq-7f7v-pvc8

nvd.nist.gov/vuln/detail/CVE-2024-23828

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.0%

JSON

Related for OSV:GHSA-QCJQ-7F7V-PVC8