CVE-2023-1550

CWE-532Log File Information Exposure4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.2%
top 54.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
F5 Nginx AgentF5 Nginx Instance Manager
Timeline
PublishedMar 29

Description

Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5f5/nginx_agent2.02.23.3
NVDf5/nginx_agent2.0.02.23.3
NVDf5/nginx_instance_manager2.0.02.9.0

🔴Vulnerability Details

2
GHSA
GHSA-68qv-j282-p3jm: Insertion of Sensitive Information into log file vulnerability in NGINX Agent2023-03-29
CVEList
NGINX Agent vulnerability CVE-2023-15502023-03-29

📋Vendor Advisories

1
F5
CVE-2023-1550: Insertion of Sensitive Information into log file vulnerability in NGINX Agent2023-03-29
CVE-2023-1550 (MEDIUM CVSS 5.5) | Insertion of Sensitive Information | cvebase.io