Kakeru-Ishii

#15476 of 53,635
17.5 Total CVSS
Vulnerabilities · 2 (High: 1, Critical: 1)
PT-2026-36922
9.8
2026-04-27
Nginx-Ui · Nginx-Ui · CVE-2026-42222
**Name of the Vulnerable Software and Affected Versions**
Nginx UI version 2.3.5

**Description**
Nginx UI, a web user interface for the Nginx web server, contains a flaw allowing an unauthenticated bootstrap takeover. This occurs during the initial installation window via the `POST /api/install` endpoint.

**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-32028
7.7
2026-04-10
Chartbrew · Chartbrew · CVE-2026-32252
**Name of the Vulnerable Software and Affected Versions**
Chartbrew versions prior to 4.9.0

**Description**
Chartbrew is a web application that connects to databases and APIs to create charts. A cross-tenant authorization bypass exists in the GET `/team/:team_id/template/generate/:project_id` endpoint. The handler calls `checkAccess(req, "updateAny", "chart")` without awaiting the promise, and it does not verify that the supplied `project_id` belongs to the requesting team. This allows an authenticated attacker with template-generation permissions in their own team to request template data for a project belonging to another team and receive victim project data.

**Recommendations**
Update to version 4.9.0 or later.