5 matches found
CVE-2024-49368
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, when Nginx UI configures logrotate, it does not verify the input and directly passes it to exec.Command, causing arbitrary command execution. Version 2.0.0-beta.36 fixes this issue...
CVE-2024-49367 Nginx UI's log path can be controlled
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at /api/configs to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue...
CVE-2024-49367 Nginx UI's log path can be controlled
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at /api/configs to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue...
CVE-2024-49367 Nginx UI's log path can be controlled
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at /api/configs to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue...
CVE-2024-49367
CVE-2024-49367 affects Nginx UI prior to version 2.0.0-beta.36. The issue is a controllable log path that, when combined with directory traversal at the /api/configs endpoint, allows reading directories and file contents on the server. A fixed version is 2.0.0-beta.36. Connected sources confirm t...