CVE-2024-22197

Nginx-ui is online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. The `Home > Preference` page exposes a small list of nginx settings such as `Nginx Access Log Path` and `Nginx Error Log Path`. However, the API also exposes `test_config_cmd`, `reload_cmd` and `restart_cmd`. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sending a request to the API. This issue may lead to authenticated Remote Code Execution, Privilege Escalation, and Information Disclosure. This issue has been patched in version 2.0.0.beta.9.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3	Patch
https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nginxui:nginx_ui::::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta1::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta2::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta3::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4_patch::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5_patch::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch2::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta7::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8_patch::::::

History

29 Feb 2024, 01:44

Type	Values Removed	Values Added
Summary	(en) Nginx-ui is online statistics for Server Indicators?? Monitor CPU usage, memory usage, load average, and disk usage in real-time. The `Home > Preference` page exposes a small list of nginx settings such as `Nginx Access Log Path` and `Nginx Error Log Path`. However, the API also exposes `test_config_cmd`, `reload_cmd` and `restart_cmd`. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sending a request to the API. This issue may lead to authenticated Remote Code Execution, Privilege Escalation, and Information Disclosure. This issue has been patched in version 2.0.0.beta.9.	(en) Nginx-ui is online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. The `Home > Preference` page exposes a small list of nginx settings such as `Nginx Access Log Path` and `Nginx Error Log Path`. However, the API also exposes `test_config_cmd`, `reload_cmd` and `restart_cmd`. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sending a request to the API. This issue may lead to authenticated Remote Code Execution, Privilege Escalation, and Information Disclosure. This issue has been patched in version 2.0.0.beta.9.

18 Jan 2024, 19:59

Type	Values Removed	Values Added
CPE		cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch:::::: cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta7:::::: cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4:::::: cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8_patch:::::: cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta2:::::: cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta3:::::: cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8:::::: cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4_patch:::::: cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5:::::: cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6:::::: cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch2:::::: cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta1:::::: cpe:2.3:a:nginxui:nginx_ui:::::::: cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5_patch::::::
CVSS	v2 : ~~unknown~~ v3 : ~~7.7~~	v2 : unknown v3 : 8.8
First Time		Nginxui nginx Ui Nginxui
References	~~() https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3 -~~	() https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3 - Patch
References	~~() https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m -~~	() https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m - Exploit, Vendor Advisory

12 Jan 2024, 13:47

Type	Values Removed	Values Added
Summary		(es) Nginx-ui son estadísticas en línea para indicadores del servidor. Supervise el uso de la CPU, el uso de la memoria, el promedio de carga y el uso del disco en tiempo real. La página `Home > Preference` expone una pequeña lista de configuraciones de nginx, como `Nginx Access Log Path` y `Nginx Error Log Path`. Sin embargo, la API también expone `test_config_cmd`, `reload_cmd` y `restart_cmd`. Si bien la interfaz de usuario no permite a los usuarios modificar ninguna de estas configuraciones, es posible hacerlo enviando una solicitud a la API. Este problema puede provocar una ejecución remota de código, una escalada de privilegios y una divulgación de información autenticada. Este problema se solucionó en la versión 2.0.0.beta.9.
Summary	(en) Nginx-ui is online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. The `Home > Preference` page exposes a small list of nginx settings such as `Nginx Access Log Path` and `Nginx Error Log Path`. However, the API also exposes `test_config_cmd`, `reload_cmd` and `restart_cmd`. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sending a request to the API. This issue may lead to authenticated Remote Code Execution, Privilege Escalation, and Information Disclosure. This issue has been patched in version 2.0.0.beta.9.	(en) Nginx-ui is online statistics for Server Indicators?? Monitor CPU usage, memory usage, load average, and disk usage in real-time. The `Home > Preference` page exposes a small list of nginx settings such as `Nginx Access Log Path` and `Nginx Error Log Path`. However, the API also exposes `test_config_cmd`, `reload_cmd` and `restart_cmd`. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sending a request to the API. This issue may lead to authenticated Remote Code Execution, Privilege Escalation, and Information Disclosure. This issue has been patched in version 2.0.0.beta.9.

11 Jan 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-11 18:15

Updated : 2024-02-29 01:44

NVD link : CVE-2024-22197

Mitre link : CVE-2024-22197

CVE.ORG link : CVE-2024-22197

JSON object : View

Products Affected

nginxui

nginx_ui

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

8.8 /10