3 matches found
CVE-2024-10318
Summary of CVE-2024-10318: A session-fixation vulnerability in the NGINX OpenID Connect reference implementation arises from nonce validation being skipped at login. This allows an attacker to coerce a victim’s session to an attacker-controlled account, enabling potential misuse of the victim’s s...
CVE-2023-28656
CVE-2023-28656 – NGINX Management Suite : An authenticated attacker may bypass authorization to access configuration objects outside their assigned environment, a control-plane issue with no data-plane exposure reported. The vulnerability affects NGINX Management Suite components (NGINX Instance ...
CVE-2023-28724
CVE-2023-28724 affects NGINX Management Suite components (NGINX Instance Manager and NGINX API Connectivity Manager). The root cause is incorrect default file permissions, allowing an authenticated attacker to modify sensitive files and potentially escalate privileges. Affected vulnerable ranges ...