CVE-2024-22197 Information

Jan 12, 2024 cve

Description

Nginx-ui is online statistics for Server Indicators?? Monitor CPU usage memory usage load average and disk usage in real-time. The Home > Preference page exposes a small list of nginx settings such as Nginx Access Log Path and Nginx Error Log Path. However the API also exposes test_config_cmd reload_cmd and restart_cmd. While the UI doesn’t allow users to modify any of these settings it is possible to do so by sending a request to the API. This issue may lead to authenticated Remote Code Execution Privilege Escalation and Information Disclosure. This issue has been patched in version 2.0.0.beta.9.

Reference

https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3

Share on: