CVE-2024-22198

Exploit

EPSS 20.31%
Veröffentlicht 11.01.2024 20:15:45
Zuletzt bearbeitet 21.11.2024 08:55:46
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nginxui ≫ Nginx Ui Version < 2.0.0

Nginxui ≫ Nginx Ui Version2.0.0 Updatebeta1

Nginxui ≫ Nginx Ui Version2.0.0 Updatebeta2

Nginxui ≫ Nginx Ui Version2.0.0 Updatebeta3

Nginxui ≫ Nginx Ui Version2.0.0 Updatebeta4

Nginxui ≫ Nginx Ui Version2.0.0 Updatebeta4_patch

Nginxui ≫ Nginx Ui Version2.0.0 Updatebeta5

Nginxui ≫ Nginx Ui Version2.0.0 Updatebeta5_patch

Nginxui ≫ Nginx Ui Version2.0.0 Updatebeta6

Nginxui ≫ Nginx Ui Version2.0.0 Updatebeta6_patch

Nginxui ≫ Nginx Ui Version2.0.0 Updatebeta6_patch2

Nginxui ≫ Nginx Ui Version2.0.0 Updatebeta7

Nginxui ≫ Nginx Ui Version2.0.0 Updatebeta8

Nginxui ≫ Nginx Ui Version2.0.0 Updatebeta8_patch

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	20.31%	0.954

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	7.1	1.6	5.5	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3

Patch

https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/system/settings.go#L18

Product

https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/terminal/pty.go#L11

Product

https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/internal/pty/pipeline.go#L29

Product

https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/router/middleware.go#L45

Product

https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/settings/server.go#L12

Product