CVE-2024-49366

Published: Oct 21, 2024Modified: Nov 7, 2024

7.7

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: security-advisories@github.com (Secondary)

Description

Nginx UI is a web user interface for the Nginx web server. Nginx UI v2.0.0-beta.35 and earlier gets the value from the json field without verification, and can construct a value value in the form of `../../`. Arbitrary files can be written to the server, which may result in loss of permissions. Version 2.0.0-beta.26 fixes the issue.

Affected (49)

Products: Nginxui: Nginx Ui

Nginxui

1 product

Nginx Ui

Configuration A

49 vulnerable

Vulnerable Software	Affected Versions
Nginxui Nginx Ui	Up to 1.9.9-4
Nginxui Nginx Ui	Version 2.0.0 beta10
Nginxui Nginx Ui	Version 2.0.0 beta10_patch
Nginxui Nginx Ui	Version 2.0.0 beta11
Nginxui Nginx Ui	Version 2.0.0 beta12
Nginxui Nginx Ui	Version 2.0.0 beta13-patch
Nginxui Nginx Ui	Version 2.0.0 beta13
Nginxui Nginx Ui	Version 2.0.0 beta14
Nginxui Nginx Ui	Version 2.0.0 beta15
Nginxui Nginx Ui	Version 2.0.0 beta16
Nginxui Nginx Ui	Version 2.0.0 beta17
Nginxui Nginx Ui	Version 2.0.0 beta18-patch1
Nginxui Nginx Ui	Version 2.0.0 beta18-patch2
Nginxui Nginx Ui	Version 2.0.0 beta18
Nginxui Nginx Ui	Version 2.0.0 beta19
Nginxui Nginx Ui	Version 2.0.0 beta1
Nginxui Nginx Ui	Version 2.0.0 beta20
Nginxui Nginx Ui	Version 2.0.0 beta21
Nginxui Nginx Ui	Version 2.0.0 beta22
Nginxui Nginx Ui	Version 2.0.0 beta23-patch1
Nginxui Nginx Ui	Version 2.0.0 beta23-ptach2
Nginxui Nginx Ui	Version 2.0.0 beta23
Nginxui Nginx Ui	Version 2.0.0 beta24
Nginxui Nginx Ui	Version 2.0.0 beta25-patch1
Nginxui Nginx Ui	Version 2.0.0 beta25-ptach2
Nginxui Nginx Ui	Version 2.0.0 beta25
Nginxui Nginx Ui	Version 2.0.0 beta27
Nginxui Nginx Ui	Version 2.0.0 beta28
Nginxui Nginx Ui	Version 2.0.0 beta29
Nginxui Nginx Ui	Version 2.0.0 beta2
Nginxui Nginx Ui	Version 2.0.0 beta30
Nginxui Nginx Ui	Version 2.0.0 beta31
Nginxui Nginx Ui	Version 2.0.0 beta32-patch1
Nginxui Nginx Ui	Version 2.0.0 beta32
Nginxui Nginx Ui	Version 2.0.0 beta33
Nginxui Nginx Ui	Version 2.0.0 beta34
Nginxui Nginx Ui	Version 2.0.0 beta35
Nginxui Nginx Ui	Version 2.0.0 beta3
Nginxui Nginx Ui	Version 2.0.0 beta4
Nginxui Nginx Ui	Version 2.0.0 beta4_patch
Nginxui Nginx Ui	Version 2.0.0 beta5
Nginxui Nginx Ui	Version 2.0.0 beta5_patch
Nginxui Nginx Ui	Version 2.0.0 beta6
Nginxui Nginx Ui	Version 2.0.0 beta6_patch2
Nginxui Nginx Ui	Version 2.0.0 beta6_patch
Nginxui Nginx Ui	Version 2.0.0 beta7
Nginxui Nginx Ui	Version 2.0.0 beta8
Nginxui Nginx Ui	Version 2.0.0 beta8_patch
Nginxui Nginx Ui	Version 2.0.0 beta9

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

https://github.com/0xJacky/nginx-ui/releases/tag/v2.0.0-beta.36

Source: security-advisories@github.com

Release Notes

https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-prv4-rx44-f7jr

Source: security-advisories@github.com

ExploitVendor Advisory

Timeline

No history available yet.