Nginx-Ui · Nginx-Ui · CVE-2026-44015
**Name of the Vulnerable Software and Affected Versions**
Nginx UI versions prior to 2.3.5
**Description**
An authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node that points to an arbitrary internal URL and sending API requests with the `X-Node-ID` header. The Proxy middleware, specifically within the `Proxy()` function in `internal/middleware/proxy.go`, intercepts these requests and forwards them to the specified internal address without validating the node URL. This allows attackers to bypass network segmentation and access services bound to localhost, internal networks, or cloud metadata endpoints. The process involves retrieving the `node secret` from the `/api/settings` endpoint and creating a malicious node via the `/api/nodes` endpoint.
**Recommendations**
Update to a version later than 2.3.4.
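
The description states that `Proxy()` forwards requests to the node URL without validating it. The Go example below is added here to illustrate the kind of destination check that was missing; it is not Nginx UI's code and not the fix shipped in 2.3.5. `checkNodeURL` and `blockedIP` are hypothetical names, and the example assumes nodes are expected at publicly routable addresses.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// blockedIP reports whether ip is loopback, private (RFC 1918 / ULA),
// link-local (covers the 169.254.169.254 metadata address), unspecified
// or multicast.
func blockedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsUnspecified() || ip.IsMulticast()
}

// checkNodeURL (hypothetical name) validates a node URL before it is stored
// or proxied to; lookup has the signature of net.LookupIP.
func checkNodeURL(raw string, lookup func(string) ([]net.IP, error)) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("parse node URL: %w", err)
	}
	if (u.Scheme != "http" && u.Scheme != "https") || u.Hostname() == "" {
		return errors.New("node URL must be http(s) with a host")
	}
	ips := []net.IP{net.ParseIP(u.Hostname())}
	if ips[0] == nil { // not an IP literal, so resolve the name
		if ips, err = lookup(u.Hostname()); err != nil || len(ips) == 0 {
			return fmt.Errorf("cannot resolve %q", u.Hostname())
		}
	}
	for _, ip := range ips { // every resolved address must be allowed
		if blockedIP(ip) {
			return fmt.Errorf("node URL resolves to blocked address %s", ip)
		}
	}
	return nil
}

func main() {
	// Constructed sample inputs.
	for _, raw := range []string{"http://127.0.0.1:6379", "http://169.254.169.254/", "https://203.0.113.10:9000"} {
		fmt.Println(raw, "->", checkNodeURL(raw, net.LookupIP))
	}
}
```

Because DNS answers can change between validation and connection, the same check has to be applied to the address actually dialed when the request is proxied, not only when the node is created. Deployments whose nodes sit on private ranges need an explicit allowlist of node addresses instead of this blanket block.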