GHSA-Q4W7-56HR-83RM Nginx-UI Settings API Exposes Protected Secrets

Summary The GetSettings API handler api/settings/settings.go:24-65 serializes all settings structs to JSON and returns them to authenticated users. Many sensitive fields are tagged with protected:"true" - however, this tag is only enforced during writes via ProtectedFill in SaveSettings and is...

GHSA-7JRR-XW9C-MJ39 Nginx-UI: Authenticated settings disclosure exposes node.secret and enables trusted-node authentication abuse, backup exfiltration, and restore-based nginx-ui state rollback

Summary An authenticated user can call GET /api/settings and retrieve sensitive configuration values, including node.secret. The same node.secret is accepted by AuthRequired through the X-Node-Secret header or nodesecret query parameter, causing the request to be treated as authenticated via the...

PT-2026-36920

Name of the Vulnerable Software and Affected Versions Nginx UI versions prior to 2.3.8 Description An authenticated user can access the 'GET /api/settings' endpoint to retrieve sensitive configuration values, such as node.secret. This secret is accepted by the AuthRequired function via the...