CVE-2024-23827
Nginx-UI arbitrary file write through the Import Certificate feature
Public Exploits: 0
Exploited in Wild: -
Descriptions
Nginx-UI is a web interface for managing Nginx configurations. The Import Certificate feature allows arbitrary file writes on the system: it does not check whether the user-supplied input is a certificate/key, and it allows writing to arbitrary paths. The vulnerability can be leveraged into remote code execution by overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue.
Timeline
- 2024-01-22 CVE Reserved
- 2024-01-29 CVE Published
- 2024-02-09 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
References (1)
URL | Tag | Source |
---|---|---|
https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Nginxui | Nginx Ui | 1.2.0 | - | Affected |
Nginxui | Nginx Ui | 1.2.0 | alpha2 | Affected |
Nginxui | Nginx Ui | 1.2.0 | alpha3 | Affected |
Nginxui | Nginx Ui | 1.2.0 | alpha4 | Affected |
Nginxui | Nginx Ui | 1.2.0 | rc1 | Affected |
Nginxui | Nginx Ui | 1.2.0 | rc2 | Affected |
Nginxui | Nginx Ui | 1.2.0 | rc3 | Affected |
Nginxui | Nginx Ui | 1.2.1 | - | Affected |
Nginxui | Nginx Ui | 1.2.2 | - | Affected |
Nginxui | Nginx Ui | 1.3.0 | - | Affected |
Nginxui | Nginx Ui | 1.3.0 | rc1 | Affected |
Nginxui | Nginx Ui | 1.3.1 | - | Affected |
Nginxui | Nginx Ui | 1.3.1 | fix | Affected |
Nginxui | Nginx Ui | 1.3.2 | - | Affected |
Nginxui | Nginx Ui | 1.3.3 | rc1 | Affected |
Nginxui | Nginx Ui | 1.4.0 | - | Affected |
Nginxui | Nginx Ui | 1.4.0 | rc1 | Affected |
Nginxui | Nginx Ui | 1.4.1 | - | Affected |
Nginxui | Nginx Ui | 1.4.2 | - | Affected |
Nginxui | Nginx Ui | 1.5.0 | - | Affected |
Nginxui | Nginx Ui | 1.5.0 | beta1 | Affected |
Nginxui | Nginx Ui | 1.5.0 | beta2 | Affected |
Nginxui | Nginx Ui | 1.5.0 | beta3 | Affected |
Nginxui | Nginx Ui | 1.5.0 | beta4 | Affected |
Nginxui | Nginx Ui | 1.5.0 | beta4_fix | Affected |
Nginxui | Nginx Ui | 1.5.0 | beta5 | Affected |
Nginxui | Nginx Ui | 1.5.0 | beta6 | Affected |
Nginxui | Nginx Ui | 1.5.0 | beta7 | Affected |
Nginxui | Nginx Ui | 1.5.0 | beta8 | Affected |
Nginxui | Nginx Ui | 1.5.0 | beta9 | Affected |
Nginxui | Nginx Ui | 1.5.1 | - | Affected |
Nginxui | Nginx Ui | 1.5.2 | - | Affected |
Nginxui | Nginx Ui | 1.6.0 | - | Affected |
Nginxui | Nginx Ui | 1.6.0 | fix | Affected |
Nginxui | Nginx Ui | 1.6.1 | - | Affected |
Nginxui | Nginx Ui | 1.6.2 | - | Affected |
Nginxui | Nginx Ui | 1.6.3 | - | Affected |
Nginxui | Nginx Ui | 1.6.5 | - | Affected |
Nginxui | Nginx Ui | 1.6.6 | - | Affected |
Nginxui | Nginx Ui | 1.6.7 | - | Affected |
Nginxui | Nginx Ui | 1.6.8 | - | Affected |
Nginxui | Nginx Ui | 1.7.0 | - | Affected |
Nginxui | Nginx Ui | 1.7.0 | patch | Affected |
Nginxui | Nginx Ui | 1.7.1 | - | Affected |
Nginxui | Nginx Ui | 1.7.2 | - | Affected |
Nginxui | Nginx Ui | 1.7.3 | - | Affected |
Nginxui | Nginx Ui | 1.7.4 | - | Affected |
Nginxui | Nginx Ui | 1.7.5 | - | Affected |
Nginxui | Nginx Ui | 1.7.6 | - | Affected |
Nginxui | Nginx Ui | 1.7.7 | - | Affected |
Nginxui | Nginx Ui | 1.7.8 | - | Affected |
Nginxui | Nginx Ui | 1.7.9 | - | Affected |
Nginxui | Nginx Ui | 1.8.0 | - | Affected |
Nginxui | Nginx Ui | 1.8.1 | - | Affected |
Nginxui | Nginx Ui | 1.8.2 | - | Affected |
Nginxui | Nginx Ui | 1.8.3 | - | Affected |
Nginxui | Nginx Ui | 1.8.4 | - | Affected |
Nginxui | Nginx Ui | 1.8.4 | patch | Affected |
Nginxui | Nginx Ui | 1.9.9 | - | Affected |
Nginxui | Nginx Ui | 1.9.9-1 | - | Affected |
Nginxui | Nginx Ui | 1.9.9-2 | - | Affected |
Nginxui | Nginx Ui | 1.9.9-3 | - | Affected |
Nginxui | Nginx Ui | 1.9.9-4 | - | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta1 | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta10 | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta10_patch | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta11 | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta2 | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta3 | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta4 | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta4_patch | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta5 | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta5_patch | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta6 | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta6_patch | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta6_patch2 | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta7 | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta8 | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta8_patch | Affected |
Nginxui | Nginx Ui | 2.0.0 | beta9 | Affected |