Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2024/01/29 4:7 p.m.13 views

CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature

Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...

9.8CVSS7.7AI score0.00699EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/01/29 4:7 p.m.30 views

CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature

Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...

9.8CVSS10AI score0.00699EPSS
Exploits0References1
CVE
CVE
added 2024/01/29 4:7 p.m.68 views

CVE-2024-23827

Summary of CVE-2024-23827 (Nginx-UI) Nginx-UI (github.com/0xJacky/Nginx-UI) exposes an Import Certificate feature via the API endpoint /api/cert which allows writing uploaded certificate data and keys to arbitrary filesystem paths. The write logic accepts path fields (ssl_certificate_path, ssl_ce...

9.8CVSS9.7AI score0.00699EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/01/29 4:7 p.m.36 views

CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature

Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...

9.8CVSS9.5AI score0.00699EPSS
Exploits0References3
Circl
Circl
added 2024/01/28 7:7 a.m.6 views

CVE-2024-23827

creationtimestamp| type| source ---|---|--- 2024-01-28 07:07:23+00:00| published-proof-of-concept| https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m 2024-01-29 17:32:01+00:00| seen| https://t.me/ctinow/175414...

9.8CVSS7.3AI score0.00699EPSS
Exploits0References2
Rows per page
Query Builder