CVE-2024-22196 - OpenCVE

Nginx-UI is an online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using `DefaultQuery`, the `"desc"` and `"id"` values are used as default values if the query parameters are not set. Thus, the `order` and `sort_by` query parameter are user-controlled and are being appended to the `order` variable without any sanitization. This issue has been patched in version 2.0.0.beta.9.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Nginxui	Nginx Ui

Configuration 1 [-]

OR	cpe:2.3:a:nginxui:nginx_ui::::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta1::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta2::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta3::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4_patch::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5_patch::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch2::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta7::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8_patch::::::

References

Link	Resource
https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b	Patch
https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c	Exploit Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-11T19:24:07.984Z

Updated: 2024-01-11T19:24:07.984Z

Reserved: 2024-01-08T04:59:27.371Z

Link: CVE-2024-22196

JSON object: View

NVD Information

Status : Modified

Published: 2024-01-11T20:15:44.923

Modified: 2024-02-29T01:44:05.347

Link: CVE-2024-22196

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2024-22196", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-08T04:59:27.371Z", "datePublished": "2024-01-11T19:24:07.984Z", "dateUpdated": "2024-01-11T19:24:07.984Z"}, "containers": {"cna": {"title": "Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c"}, {"name": "https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b", "tags": ["x_refsource_MISC"], "url": "https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b"}], "affected": [{"vendor": "0xJacky", "product": "nginx-ui", "versions": [{"version": "< 2.0.0.beta.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-11T19:24:07.984Z"}, "descriptions": [{"lang": "en", "value": "Nginx-UI is an online statistics for Server Indicators\u200b\u200b Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using `DefaultQuery`, the `\"desc\"` and `\"id\"` values are used as default values if the query parameters are not set. Thus, the `order` and `sort_by` query parameter are user-controlled and are being appended to the `order` variable without any sanitization. This issue has been patched in version 2.0.0.beta.9.\n\n"}], "source": {"advisory": "GHSA-h374-mm57-879c", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nginxui:nginx_ui:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4426F94-540E-497C-AE75-04126AF12112", "versionEndExcluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3C287A7F-66B4-406A-B87B-B954A1CA6D44", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "25DD91AC-465B-4A43-A79F-4DE47243741C", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "115588C7-D947-4576-9E6C-B5AF1FCE9A29", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "BBB20EA3-F3CF-42AF-A217-D5DF7A7ADD70", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4_patch:*:*:*:*:*:*", "matchCriteriaId": "81A6C732-FBF2-44A8-B810-456E54B59A09", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "8C5664E5-150E-4B4B-BA0C-420738820FF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5_patch:*:*:*:*:*:*", "matchCriteriaId": "7E764AA1-3060-441F-8F14-ADD165316741", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "04A3E84F-91AA-420A-B908-3393E037AC44", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch:*:*:*:*:*:*", "matchCriteriaId": "828EAE87-24E5-4F31-B301-BA2F96BDEA42", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch2:*:*:*:*:*:*", "matchCriteriaId": "45710D36-954A-4450-B622-CB0F368DF544", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "2B57EEFB-5518-4BD5-998A-34B6690A6F4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "8EDF4CEE-F24D-441B-92A8-7F5A2B41487E", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8_patch:*:*:*:*:*:*", "matchCriteriaId": "F0275FDF-BAE8-4909-8991-6FCE34B8905E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Nginx-UI is an online statistics for Server Indicators\u200b\u200b Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using `DefaultQuery`, the `\"desc\"` and `\"id\"` values are used as default values if the query parameters are not set. Thus, the `order` and `sort_by` query parameter are user-controlled and are being appended to the `order` variable without any sanitization. This issue has been patched in version 2.0.0.beta.9.\n\n"}, {"lang": "es", "value": "Nginx-UI es una estad\u00edstica en l\u00ednea para indicadores del servidor que monitorea el uso de la CPU, el uso de la memoria, el promedio de carga y el uso del disco en tiempo real. Este problema puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n. Al utilizar `DefaultQuery`, los valores `\"desc\"` e `\"id\"` se utilizan como valores predeterminados si los par\u00e1metros de consulta no est\u00e1n configurados. Por lo tanto, los par\u00e1metros de consulta `order` y `sort_by` est\u00e1n controlados por el usuario y se agregan a la variable `order` sin ning\u00fan tipo de sanitizaci\u00f3n. Este problema se solucion\u00f3 en la versi\u00f3n 2.0.0.beta.9."}], "id": "CVE-2024-22196", "lastModified": "2024-02-29T01:44:05.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-01-11T20:15:44.923", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Primary"}]}