CVE-2024-49368 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
GitHub_M	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Vendor	Product	Version
nginxui	nginx_ui	𝑥 ≤ 1.9.9-4
nginxui	nginx_ui	2.0.0:beta1
nginxui	nginx_ui	2.0.0:beta10
nginxui	nginx_ui	2.0.0:beta10_patch
nginxui	nginx_ui	2.0.0:beta11
nginxui	nginx_ui	2.0.0:beta12
nginxui	nginx_ui	2.0.0:beta13
nginxui	nginx_ui	2.0.0:beta13-patch
nginxui	nginx_ui	2.0.0:beta14
nginxui	nginx_ui	2.0.0:beta15
nginxui	nginx_ui	2.0.0:beta16
nginxui	nginx_ui	2.0.0:beta17
nginxui	nginx_ui	2.0.0:beta18
nginxui	nginx_ui	2.0.0:beta18-patch1
nginxui	nginx_ui	2.0.0:beta18-patch2
nginxui	nginx_ui	2.0.0:beta19
nginxui	nginx_ui	2.0.0:beta2
nginxui	nginx_ui	2.0.0:beta20
nginxui	nginx_ui	2.0.0:beta21
nginxui	nginx_ui	2.0.0:beta22
nginxui	nginx_ui	2.0.0:beta23
nginxui	nginx_ui	2.0.0:beta23-patch1
nginxui	nginx_ui	2.0.0:beta23-ptach2
nginxui	nginx_ui	2.0.0:beta24
nginxui	nginx_ui	2.0.0:beta25
nginxui	nginx_ui	2.0.0:beta25-patch1
nginxui	nginx_ui	2.0.0:beta25-ptach2
nginxui	nginx_ui	2.0.0:beta27
nginxui	nginx_ui	2.0.0:beta28
nginxui	nginx_ui	2.0.0:beta29
nginxui	nginx_ui	2.0.0:beta3
nginxui	nginx_ui	2.0.0:beta30
nginxui	nginx_ui	2.0.0:beta31
nginxui	nginx_ui	2.0.0:beta32
nginxui	nginx_ui	2.0.0:beta32-patch1
nginxui	nginx_ui	2.0.0:beta33
nginxui	nginx_ui	2.0.0:beta34
nginxui	nginx_ui	2.0.0:beta35
nginxui	nginx_ui	2.0.0:beta4
nginxui	nginx_ui	2.0.0:beta4_patch
nginxui	nginx_ui	2.0.0:beta5
nginxui	nginx_ui	2.0.0:beta5_patch
nginxui	nginx_ui	2.0.0:beta6
nginxui	nginx_ui	2.0.0:beta6_patch
nginxui	nginx_ui	2.0.0:beta6_patch2
nginxui	nginx_ui	2.0.0:beta7
nginxui	nginx_ui	2.0.0:beta8
nginxui	nginx_ui	2.0.0:beta8_patch
nginxui	nginx_ui	2.0.0:beta9

𝑥

= Vulnerable software versions

Known Exploits!

https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-66m6-27r9-77vm

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

https://github.com/0xJacky/nginx-ui/releases/tag/v2.0.0-beta.36

https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-66m6-27r9-77vm