CVE-2024-22198 HIGH

CVE-2024-22198: Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)

Vendor 0Xjacky
Product nginx-ui
Weakness CWE-77
Published January 11, 2024
Last update August 1, 2024

CVSS base score

7.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

What the vulnerability does

01Description

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9.

Key dates

02Disclosure timeline

January 11, 2024 CVE published
August 1, 2024 Record updated