6267 matches found
Design/Logic Flaw
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when...
CVE-2023-1550 NGINX Agent vulnerability CVE-2023-1550
Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when...
CVE-2023-1550
CVE-2023-1550 (NGINX Agent) affects NGINX Agent versions 2.0 through 2.23.2. The issue arises from inserting sensitive information into log files, exposed when non-default trace level logging is enabled. An authenticated attacker with local access to read agent log files may gain access to privat...
K000133135: NGINX Agent vulnerability CVE-2023-1550
Security Advisory Description: NGINX Agent inserts sensitive information into a log file (CVE-2023-1550). Impact: An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note:...
PT-2023-2180 · Nginx · Nginx Agent
Name of the Vulnerable Software and Affected Versions: NGINX Agent versions 2.0 through 2.23.2. Description: The issue is related to insufficient protection of registration data, which may allow an attacker to gain access to private keys. This can occur when an authenticated attacker with local...
NGINX Agent log information disclosure vulnerability
Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from the US-based Nginx Corporation. A log information disclosure vulnerability exists in NGINX Agent version 2.0 prior to 2.23.3, which stems from NGINX Agent inserting sensitive information into log files...
Information Disclosure
labelstudio is vulnerable to Information Disclosure. The vulnerability exists due to a misconfiguration in the Nginx server which allows an attacker to use a single path traversal payload and read all the files in /labelstudio/core...
GHSA-CPMR-MW4J-99R7 Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/
Summary: The vulnerability resides on the Nginx config file: https://github.com/heartexlabs/label-studio/blob/53944e6bcede75ca5c102d655013f2e5238e85e6/deploy/default.conf#L119 The pattern on location /static indicates a popular misconfiguration on Nginx servers presented in 2018 originally by Orang...
Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/
Summary: The vulnerability resides on the Nginx config file: https://github.com/heartexlabs/label-studio/blob/53944e6bcede75ca5c102d655013f2e5238e85e6/deploy/default.conf#L119 The pattern on location /static indicates a popular misconfiguration on Nginx servers presented in 2018 originally by Orang...
Node.js March 17th Infrastructure Incident Post-mortem
Node.js March 17th Infrastructure Incident Post-mortem. By Matt Cowley, Claudio Wunder, Mar 23, 2023. The Incident: Starting on March 15th and going through to March 17th, with much of the issue being mitigated on the 16th, users were receiving intermittent 404 responses when trying to download Node....
Low: nginx
Issue Overview: No CVE associated with this advisory. Affected Packages: nginx. Issue Correction: Run dnf update nginx --releasever 2023.0.20230322 or dnf update --advisory ALAS2023-2023-090 --releasever 2023.0.20230322 to update your system. More information on how to update your system can be fou...
Medium: nginx
Issue Overview: ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can...
Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2023-090)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-090 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. (C) Tenable, Inc. The descriptive text and package checks ...
Amazon Linux 2023 : nginx, nginx-all-modules, nginx-core (ALAS2023-2023-099)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-099 advisory. 2024-02-15: CVE-2021-3618 was added to this advisory. ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using...
CBL Mariner 2.0 Security Update: nginx / vsftpd (CVE-2021-3618)
The version of nginx / vsftpd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-3618 advisory. - ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing...
CVE-2023-25804
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the /tmp folder using a payload ../../../../../tmp/test111dev. This issue...
CVE-2023-25804
CVE-2023-25804 affects Roxy-WI web interface for managing Haproxy, Nginx, Apache, and Keepalived. The vulnerability is a limited path traversal in the name parameter that allows an SSH key to be saved to an unintended location (for example, /tmp) using a payload such as ../../../../../tmp/test111...
CVE-2023-25804 Roxy-WI vulnerable to Limited Path Traversal in name parameter
Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.5.0 have a limited path traversal vulnerability. An SSH key can be saved into an unintended location, for example the /tmp folder using a payload ../../../../../tmp/test111dev. This issue...
Roxy-WI path traversal vulnerability
Roxy-WI is an open source web interface for managing Haproxy, Nginx and Keepalived servers. A path traversal vulnerability exists in Roxy-WI versions prior to 6.3.5.0, which stems from the fact that SSH keys can be saved to an unexpected location, such as ../../../../../tmp/test111dev...