CVE-2023-28724

Name of the Vulnerable Software and Affected Versions NGINX Management Suite (affected versions not specified) NGINX Instance Manager (affected versions not specified) NGINX API Connectivity Manager (affected versions not specified) NGINX Security Monitoring (affected versions not specified)

Description The issue is related to the default file permissions in the NGINX Management Suite, which may allow an authenticated attacker to modify sensitive files on the NGINX Instance Manager and NGINX API Connectivity Manager. This could potentially lead to privilege escalation. The vulnerability is associated with incorrectly used default permissions.

Recommendations For NGINX Management Suite, update the default file permissions to prevent unauthorized modifications. For NGINX Instance Manager, restrict access to sensitive files until a patch is available. For NGINX API Connectivity Manager, consider disabling the modification of sensitive files as a temporary workaround. For NGINX Security Monitoring, review and adjust the default permissions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.