CVE-2024-23828
published 2024-01-29CVE-2024-23828: Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the…
PriorityP354high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.05%
60.1th percentile
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of test_config_cmd or start_cmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This vulnerability has been patched in version 2.0.0.beta.12.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | 0xjacky_nginx-ui | >= 0 < 2.0.0-beta.12 | 2.0.0-beta.12 |
| nginxui | nginx_ui | < 2.0.0 | 2.0.0 |
| nginxui | nginx_ui | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI
osv·2024-06-28
CVE-2024-23828 Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: github.com/0xJacky/Nginx-UI before v2.0.0-beta.12.
GHSA
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
ghsa·2024-01-29
CVE-2024-23828 [HIGH] CWE-74 Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
### Summary
Fix bypass to the following bugs
- https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m
- https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35
Allowing to inject directly in the `app.ini` via CRLF to change the value of `test_config_cmd` and `start_cmd` resulting in an Authenticated RCE
### Impact
Authenticated Remote execution on the host
OSV
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
osv·2024-01-29
CVE-2024-23828 [HIGH] Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
### Summary
Fix bypass to the following bugs
- https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m
- https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35
Allowing to inject directly in the `app.ini` via CRLF to change the value of `test_config_cmd` and `start_cmd` resulting in an Authenticated RCE
### Impact
Authenticated Remote execution on the host
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-01-29
Published