CVE-2024-23827
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-23827
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-23827.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-23827
- Aliases
- Related
- Published
- 2024-01-29T16:15:09Z
- Modified
- 2025-01-08T09:50:21.541344Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the vulnerability into a remote code execution overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue.
- References
Affected packages
Git / github.com/0xjacky/nginx-ui
Affected ranges
- Type
- GIT
- Repo
- https://github.com/0xjacky/nginx-ui
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affectedLast affected
Affected versions
v1.*
v1.1.0
v1.2.0
v1.2.0-alpha.3
v1.2.0-alpha.4
v1.2.0-rc.1
v1.2.0-rc.2
v1.2.0-rc.3
v1.2.1
v1.2.2
v1.3.0
v1.3.0-rc1
v1.3.1
v1.3.1-fix
v1.3.2
v1.3.3-rc1
v1.4.0
v1.4.0-rc1
v1.4.1
v1.4.2
v1.5.0
v1.5.0-beta1
v1.5.0-beta2
v1.5.0-beta3
v1.5.0-beta4
v1.5.0-beta4-fix
v1.5.0-beta5
v1.5.0-beta6
v1.5.0-beta7
v1.5.0-beta8
v1.5.0-beta9
v1.5.1
v1.5.2
v1.6.0
v1.6.0-fix
v1.6.1
v1.6.2
v1.6.3
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.7.0
v1.7.0-patch
v1.7.1
v1.7.2