gsd-2024-23827
Vulnerability from gsd
Modified
2024-01-23 06:02
Details
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the vulnerability into a remote code execution overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue.
Aliases
{
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-23827"
],
"details": "Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It\u0027s possible to leverage the vulnerability into a remote code execution overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue.",
"id": "GSD-2024-23827",
"modified": "2024-01-23T06:02:22.070610Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2024-23827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "nginx-ui",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "\u003c 2.0.0.beta.12"
}
]
}
}
]
},
"vendor_name": "0xJacky"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It\u0027s possible to leverage the vulnerability into a remote code execution overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue."
}
]
},
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"cweId": "CWE-22",
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m",
"refsource": "MISC",
"url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m"
}
]
},
"source": {
"advisory": "GHSA-xvq9-4vpv-227m",
"discovery": "UNKNOWN"
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:-:*:*:*:*:*:*",
"matchCriteriaId": "E5EB4B0D-CE6A-45CE-8971-15BBB0722394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "347055AA-23A7-4D03-A46B-0A51A0357EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "9D17A6DA-3309-4029-9DAD-76ABAA1EA38A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:alpha4:*:*:*:*:*:*",
"matchCriteriaId": "2E720E78-E724-4E65-9AFC-BC83E2B6405F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0F445EB2-0B0B-44D1-9A6F-A23BB7CBA264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "6D4CD22F-4078-4EA1-8790-D6FD110A2893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "6FE185FE-3B3F-4E46-8812-2512B25E3AD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "861646B0-3CD6-4037-9EE4-550B9B7E5FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A7D82994-E977-4148-9E6D-EB87E77EC702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B30244FF-039B-44F2-AC1A-5FDB7F98A2C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "45F8125A-57BE-4E62-94A2-FBDD0BCB67E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "73DB5C6F-0F75-44F4-B47F-44F3805C0E09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.1:fix:*:*:*:*:*:*",
"matchCriteriaId": "D9D6B6EA-823D-4D36-84DC-69CB14AA3120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B31BCF4-F00E-42E1-9BCA-F7C0D164FB7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.3.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B098A3C6-DFE3-41C5-AADB-52C36A08F566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.4.0:-:*:*:*:*:*:*",
"matchCriteriaId": "5F5057DF-FA0A-4A41-BC6F-0F20529BACAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.4.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "C7F7B02B-C43C-4E57-B844-F1708125BAB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF6CBAAD-0A17-4E43-965B-C525DADCA3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7EBA5C6E-25FC-4952-BA2C-6C44770D8861",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:-:*:*:*:*:*:*",
"matchCriteriaId": "BDA3575B-E64E-42AD-A12C-ADD2BD61065C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "659E6E9F-A297-4115-884B-C4D7EE2CB155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "4E1A2B34-9B82-429D-83E4-951344B31CAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "B43B60D3-743D-4965-B0FF-3FBDA3DFB7B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "36DB77DA-4ED4-4800-8251-EB4F4BBA4A1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta4_fix:*:*:*:*:*:*",
"matchCriteriaId": "E9596AB0-0985-45A3-9EC4-4331A62E59D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "A7659CD3-117A-427A-BDAB-E9580D0CE0A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "8D398E64-80C0-4E7F-9BAB-37200FE42EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "9CF56792-52E6-4A24-8488-8DBCE0DF2E69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "2D59E88D-CFF0-4039-A236-86AEFA9D6135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "F6C8AFA8-8F62-43A3-99E3-D2BA31B94AF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED48548E-A6AB-4AE7-B70F-540F13FA3171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C645D38E-9AF7-4334-96B0-B674A2DD0E01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.0:-:*:*:*:*:*:*",
"matchCriteriaId": "B3B50213-0F6A-4C86-A819-BC4CEC4CD6A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.0:fix:*:*:*:*:*:*",
"matchCriteriaId": "5EAB6269-238F-4342-BFF3-8D52E068A797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "830987AC-8021-4898-B031-5D158A2EBFA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C48387B2-B727-4184-9AEE-F2641F14B96F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF0BF25-8BBD-408E-AD26-2F5A5A7A8799",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0E90DD77-C9D3-418B-A77D-6B6513F1B2CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F01E473A-7007-43B3-8801-4EDCB94433B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BF5C23AA-D701-4153-A798-BC62D2227E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FD3E2589-AA3E-4FBD-9BE0-8C6343AA2D5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3F287D86-DE0B-4EFA-A59B-26142539F4C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.0:patch:*:*:*:*:*:*",
"matchCriteriaId": "F6CA517E-298A-4594-A5C3-01D714B45FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E988C01A-A8E8-4A78-86FE-D479E85D1C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3089766-C08D-46ED-96CD-FBD23918CE91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7556CA53-63DB-456A-9F4F-D2216577214B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7D3809-15E2-46D7-B655-872D39516423",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "10DF1FCF-60F0-4E1E-B527-038D62D70061",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "692F6EB8-A3DA-41D4-ADC0-A62475056CCA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DB220C58-FEB5-4D00-856A-B8F02089EC69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "3F256AE5-04EC-4F8E-BBC4-76F16736E275",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C5878D75-96C7-44AB-8982-705FBC2A7825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2FBE3D-3B56-4E56-8156-63FE4F1B8CF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00B0C7D6-30BF-4ABD-A72C-795D60DC5CC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC05EA49-627E-4A40-ABB0-E590623C0B90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47930D99-B18D-4A65-B49E-060B661919E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.4:-:*:*:*:*:*:*",
"matchCriteriaId": "6C3B1880-D8EB-40CA-B241-02B3C8B49869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.8.4:patch:*:*:*:*:*:*",
"matchCriteriaId": "E7700F38-C7DD-4F86-B3DE-C3C9A28370A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.9.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C994DA95-D877-4319-911A-90918A9C566F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.9.9-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3AB27842-9235-4E3D-9E07-5DC873560D35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.9.9-2:*:*:*:*:*:*:*",
"matchCriteriaId": "598FBDD0-E019-4AA5-B561-65B4D1BE084A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.9.9-3:*:*:*:*:*:*:*",
"matchCriteriaId": "489C42D9-39E2-4491-B318-18A20732ED62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:1.9.9-4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E801BBB-76D3-4873-A431-549FE7DE5451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "3C287A7F-66B4-406A-B87B-B954A1CA6D44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta10:*:*:*:*:*:*",
"matchCriteriaId": "D684FFEF-4451-49ED-A04D-CF74F45A2F40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta10_patch:*:*:*:*:*:*",
"matchCriteriaId": "D5984B3A-40C9-4188-976C-E9EB166FA624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta11:*:*:*:*:*:*",
"matchCriteriaId": "EDE74B22-31D1-41D1-A5DD-DB4AAA7A7984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "25DD91AC-465B-4A43-A79F-4DE47243741C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "115588C7-D947-4576-9E6C-B5AF1FCE9A29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4:*:*:*:*:*:*",
"matchCriteriaId": "BBB20EA3-F3CF-42AF-A217-D5DF7A7ADD70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4_patch:*:*:*:*:*:*",
"matchCriteriaId": "81A6C732-FBF2-44A8-B810-456E54B59A09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5:*:*:*:*:*:*",
"matchCriteriaId": "8C5664E5-150E-4B4B-BA0C-420738820FF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5_patch:*:*:*:*:*:*",
"matchCriteriaId": "7E764AA1-3060-441F-8F14-ADD165316741",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6:*:*:*:*:*:*",
"matchCriteriaId": "04A3E84F-91AA-420A-B908-3393E037AC44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch:*:*:*:*:*:*",
"matchCriteriaId": "828EAE87-24E5-4F31-B301-BA2F96BDEA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch2:*:*:*:*:*:*",
"matchCriteriaId": "45710D36-954A-4450-B622-CB0F368DF544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta7:*:*:*:*:*:*",
"matchCriteriaId": "2B57EEFB-5518-4BD5-998A-34B6690A6F4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8:*:*:*:*:*:*",
"matchCriteriaId": "8EDF4CEE-F24D-441B-92A8-7F5A2B41487E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8_patch:*:*:*:*:*:*",
"matchCriteriaId": "F0275FDF-BAE8-4909-8991-6FCE34B8905E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta9:*:*:*:*:*:*",
"matchCriteriaId": "B52F973F-A2F2-40C2-9936-9447B5803CFB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It\u0027s possible to leverage the vulnerability into a remote code execution overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue."
},
{
"lang": "es",
"value": "Nginx-UI es una interfaz web para administrar configuraciones de Nginx. La funci\u00f3n Import Certificate permite la escritura arbitraria en el sistema. La funci\u00f3n no verifica si la entrada del usuario proporcionada es una certificaci\u00f3n/clave y permite escribir en rutas arbitrarias en el sistema. Es posible aprovechar la vulnerabilidad para ejecutar c\u00f3digo remoto sobrescribiendo el archivo de configuraci\u00f3n app.ini. La versi\u00f3n 2.0.0.beta.12 solucion\u00f3 el problema."
}
],
"id": "CVE-2024-23827",
"lastModified": "2024-02-08T16:42:39.110",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2024-01-29T16:15:09.867",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
}
}
}
Loading...