5 matches found
CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
CVE-2024-23827
Summary of CVE-2024-23827 (Nginx-UI) Nginx-UI (github.com/0xJacky/Nginx-UI) exposes an Import Certificate feature via the API endpoint /api/cert which allows writing uploaded certificate data and keys to arbitrary filesystem paths. The write logic accepts path fields (ssl_certificate_path, ssl_ce...
CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
CVE-2024-23827
creationtimestamp| type| source ---|---|--- 2024-01-28 07:07:23+00:00| published-proof-of-concept| https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m 2024-01-29 17:32:01+00:00| seen| https://t.me/ctinow/175414...