CVE-2023-1550

Name of the Vulnerable Software and Affected Versions NGINX Agent versions 2.0 through 2.23.2

Description The issue is related to insufficient protection of registration data, which may allow an attacker to gain access to private keys. This can occur when an authenticated attacker with local access reads agent log files, specifically when non-default trace level logging is enabled. The vulnerability is associated with the insertion of sensitive information into log files.

Recommendations For NGINX Agent versions 2.0 through 2.23.2, update to version 2.23.3 or later to resolve the issue. As a temporary workaround, consider disabling non-default trace level logging to minimize the risk of exploitation. Restrict access to agent log files to prevent authenticated attackers from reading sensitive information.