6256 matches found
CVE-2024-22200 vantage6-UI docker image leaks software version information
vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0...
Arbitrary File Write
Nginx-UI is vulnerable to Arbitrary File Write. The vulnerability is due to improper input validation when adding certificates. This issue can be exploited by an attacker to write into arbitrary paths in the system...
Remote Code Execution
Nginx-UI is vulnerable to Remote Code Execution. The vulnerability is due to improper input validation within testconfigcmd or startcmd. This issue can be exploited by an attacker by modifying the values, resulting in Remote Code Execution...
PT-2024-2069 · Nginx +1 · Nginx +1
Name of the Vulnerable Software and Affected Versions: vantage6-UI versions prior to 4.2.0. Description: The issue is related to insufficient protection of service data in the vantage6-UI interface, which can allow a remote attacker to gain unauthorized access to protected information. The docker...
vantage6 Information Disclosure Vulnerability
vantage6 is an open source priVAcy preserviNg federaTed leArninG infrastructure for Secure Insight eXchange. An information disclosure vulnerability exists in vantage6-UI that stems from the docker image used to run the UI disclosing the nginx version...
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
Summary: Fix bypass to the following bugs (https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m and https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35), allowing injection directly into the app.ini via CRLF to change the value of testconfigcmd and startcm...
GHSA-QCJQ-7F7V-PVC8 Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
Summary: Fix bypass to the following bugs (https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m and https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35), allowing injection directly into the app.ini via CRLF to change the value of testconfigcmd and startcm...
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Summary: The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system...
GHSA-XVQ9-4VPV-227M Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Summary: The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system...
CVE-2024-23828
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...
Design/Logic Flaw
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...
CVE-2024-23828
Summary: CVE-2024-23828 affects Nginx-UI, a web interface for Nginx configuration. An authenticated attacker can achieve arbitrary command execution by abusing CRLF in configuration fields (test_config_cmd or start_cmd), due to an incomplete fix for CVE-2024-22197/22198. The issue is capped at hi...
CVE-2024-23828 Nginx-UI authenticated RCE through injecting into the application config via CRLF
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of testconfigcmd or startcmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This...
CVE-2024-23827
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
Remote code execution
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
CVE-2024-23827 Nginx-UI arbitrary file write through the Import Certificate feature
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the...
CVE-2024-23827
Summary of CVE-2024-23827 (Nginx-UI): Nginx-UI (github.com/0xJacky/Nginx-UI) exposes an Import Certificate feature via the API endpoint /api/cert which allows writing uploaded certificate data and keys to arbitrary filesystem paths. The write logic accepts path fields (ssl_certificate_path, ssl_ce...