Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check if the provided user input is a certification/key and allows to write into arbitrary paths in the system. It's possible to leverage the vulnerability into a remote code execution overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue.
The certificate import mechanism does not verify whether the provided input data is actually a certificate or cryptographic key. Lack of validation of the target path (path traversal, CWE-22) enables writing arbitrary content to any path in the file system. An attacker can overwrite the app.ini configuration file with malicious content, which consequently leads to arbitrary code execution on the server (RCE).
An unauthenticated attacker can gain full control over the server through remote code execution, and can arbitrarily read, modify, or destroy data in the system.
Nginx-UI should be updated to version 2.0.0.beta.12 or newer, in which the issue has been fixed. Details available in vendor references (GitHub Security Advisory GHSA-xvq9-4vpv-227m).
Nginx-UI (authored by 0xJacky) in versions prior to 2.0.0.beta.12
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNginxui nginx Ui
APPNginxui1.2.01.2.11.2.21.3.01.3.11.3.21.3.31.4.01.4.11.4.21.5.01.5.11.5.21.6.01.6.1+ 27 więcej
Related vulnerabilities
Nginx UI: nieuwierzytelnione RCE przez endpoint przywracania kopii zapasowej
Nginx UI: nieuwierzytelniony dostęp do endpointu MCP umożliwia przejęcie serwera
Nginx UI: manipulacja zaszyfrowanymi kopiami zapasowymi i wstrzyknięcie konfiguracji
Nginx UI: nieuwierzytelniony dostęp do backupu z ujawnieniem kluczy szyfrowania
Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can per...