CVE-2024-23827
Nginx-UI arbitrary file write through the Import Certificate feature
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the vulnerability into a remote code execution overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue.
Nginx-UI es una interfaz web para administrar configuraciones de Nginx. La función Import Certificate permite la escritura arbitraria en el sistema. La función no verifica si la entrada del usuario proporcionada es una certificación/clave y permite escribir en rutas arbitrarias en el sistema. Es posible aprovechar la vulnerabilidad para ejecutar código remoto sobrescribiendo el archivo de configuración app.ini. La versión 2.0.0.beta.12 solucionó el problema.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-01-22 CVE Reserved
- 2024-01-29 CVE Published
- 2024-02-09 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.2.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.2.0" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.2.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.2.0" | alpha2 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.2.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.2.0" | alpha3 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.2.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.2.0" | alpha4 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.2.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.2.0" | rc1 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.2.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.2.0" | rc2 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.2.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.2.0" | rc3 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.2.1 Search vendor "Nginxui" for product "Nginx Ui" and version "1.2.1" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.2.2 Search vendor "Nginxui" for product "Nginx Ui" and version "1.2.2" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.3.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.3.0" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.3.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.3.0" | rc1 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.3.1 Search vendor "Nginxui" for product "Nginx Ui" and version "1.3.1" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.3.1 Search vendor "Nginxui" for product "Nginx Ui" and version "1.3.1" | fix |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.3.2 Search vendor "Nginxui" for product "Nginx Ui" and version "1.3.2" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.3.3 Search vendor "Nginxui" for product "Nginx Ui" and version "1.3.3" | rc1 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.4.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.4.0" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.4.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.4.0" | rc1 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.4.1 Search vendor "Nginxui" for product "Nginx Ui" and version "1.4.1" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.4.2 Search vendor "Nginxui" for product "Nginx Ui" and version "1.4.2" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.5.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.5.0" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.5.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.5.0" | beta1 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.5.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.5.0" | beta2 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.5.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.5.0" | beta3 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.5.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.5.0" | beta4 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.5.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.5.0" | beta4_fix |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.5.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.5.0" | beta5 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.5.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.5.0" | beta6 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.5.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.5.0" | beta7 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.5.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.5.0" | beta8 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.5.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.5.0" | beta9 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.5.1 Search vendor "Nginxui" for product "Nginx Ui" and version "1.5.1" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.5.2 Search vendor "Nginxui" for product "Nginx Ui" and version "1.5.2" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.6.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.6.0" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.6.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.6.0" | fix |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.6.1 Search vendor "Nginxui" for product "Nginx Ui" and version "1.6.1" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.6.2 Search vendor "Nginxui" for product "Nginx Ui" and version "1.6.2" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.6.3 Search vendor "Nginxui" for product "Nginx Ui" and version "1.6.3" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.6.5 Search vendor "Nginxui" for product "Nginx Ui" and version "1.6.5" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.6.6 Search vendor "Nginxui" for product "Nginx Ui" and version "1.6.6" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.6.7 Search vendor "Nginxui" for product "Nginx Ui" and version "1.6.7" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.6.8 Search vendor "Nginxui" for product "Nginx Ui" and version "1.6.8" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.7.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.7.0" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.7.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.7.0" | patch |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.7.1 Search vendor "Nginxui" for product "Nginx Ui" and version "1.7.1" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.7.2 Search vendor "Nginxui" for product "Nginx Ui" and version "1.7.2" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.7.3 Search vendor "Nginxui" for product "Nginx Ui" and version "1.7.3" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.7.4 Search vendor "Nginxui" for product "Nginx Ui" and version "1.7.4" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.7.5 Search vendor "Nginxui" for product "Nginx Ui" and version "1.7.5" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.7.6 Search vendor "Nginxui" for product "Nginx Ui" and version "1.7.6" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.7.7 Search vendor "Nginxui" for product "Nginx Ui" and version "1.7.7" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.7.8 Search vendor "Nginxui" for product "Nginx Ui" and version "1.7.8" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.7.9 Search vendor "Nginxui" for product "Nginx Ui" and version "1.7.9" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.8.0 Search vendor "Nginxui" for product "Nginx Ui" and version "1.8.0" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.8.1 Search vendor "Nginxui" for product "Nginx Ui" and version "1.8.1" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.8.2 Search vendor "Nginxui" for product "Nginx Ui" and version "1.8.2" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.8.3 Search vendor "Nginxui" for product "Nginx Ui" and version "1.8.3" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.8.4 Search vendor "Nginxui" for product "Nginx Ui" and version "1.8.4" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.8.4 Search vendor "Nginxui" for product "Nginx Ui" and version "1.8.4" | patch |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.9.9 Search vendor "Nginxui" for product "Nginx Ui" and version "1.9.9" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.9.9-1 Search vendor "Nginxui" for product "Nginx Ui" and version "1.9.9-1" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.9.9-2 Search vendor "Nginxui" for product "Nginx Ui" and version "1.9.9-2" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.9.9-3 Search vendor "Nginxui" for product "Nginx Ui" and version "1.9.9-3" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 1.9.9-4 Search vendor "Nginxui" for product "Nginx Ui" and version "1.9.9-4" | - |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta1 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta10 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta10_patch |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta11 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta2 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta3 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta4 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta4_patch |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta5 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta5_patch |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta6 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta6_patch |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta6_patch2 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta7 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta8 |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta8_patch |
Affected
| ||||||
| Nginxui Search vendor "Nginxui" | Nginx Ui Search vendor "Nginxui" for product "Nginx Ui" | 2.0.0 Search vendor "Nginxui" for product "Nginx Ui" and version "2.0.0" | beta9 |
Affected
| ||||||