High severityNVD Advisory· Published Jan 11, 2024· Updated Aug 1, 2024
Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)
CVE-2024-22198
Description
Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The Home > Preference page exposes a list of system settings such as Run Mode, Jwt Secret, Node Secret and Terminal Start Command. While the UI doesn't allow users to modify the Terminal Start Command setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/0xJacky/Nginx-UIGo | < 2.0.0.beta.9 | 2.0.0.beta.9 |
Affected products
2Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-8r25-68wm-jw35ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-22198ghsaADVISORY
- github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/system/settings.goghsax_refsource_MISCWEB
- github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/terminal/pty.goghsax_refsource_MISCWEB
- github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/internal/pty/pipeline.goghsax_refsource_MISCWEB
- github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/router/middleware.goghsax_refsource_MISCWEB
- github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/settings/server.goghsax_refsource_MISCWEB
- github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3ghsax_refsource_MISCWEB
- github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.