CVE-2024-49367
Oct. 21, 2024, 5:15 p.m.
Product(s) Impacted
Nginx UI
- before 2.0.0-beta.36
Description
Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at `/api/configs` to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue.
Weaknesses
CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CWE ID: 862
Date
Published: Oct. 21, 2024, 5:15 p.m.
Last Modified: Oct. 21, 2024, 5:15 p.m.
Status: Received
CVE has been recently published to the CVE List and has been received by the NVD.
Source
security-advisories@github.com