CVE-2024-22198

HIGH

Nginx-UI - Authenticated RCE

Title source: llm

Description

Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9.

Exploits (1)

nomisec SCANNER

by xiw1ll · poc

https://github.com/xiw1ll/CVE-2024-22198_Checker

View Code ZIP pw:eip

References (7)

[Product] https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/system/settings.go#L18

[Product] https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/terminal/pty.go#L11

[Product] https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/internal/pty/pipeline.go#L29

[Product] https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/router/middleware.go#L45

[Product] https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/settings/server.go#L12

[Patch] https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3

[Exploit, Vendor Advisory] https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35

Scores

CVSS v3 7.1

EPSS 0.1601

EPSS Percentile 94.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L

Details

CWE

CWE-77

Status published

Products (3)

0xJacky/Nginx-UI 0 - 2.0.0.beta.9Go

nginxui/nginx_ui 2.0.0 beta1 (13 CPE variants)

nginxui/nginx_ui < 2.0.0

Published Jan 11, 2024

Tracked Since Feb 18, 2026