PT-2023-2758 · Nginx · Nginx Management Suite, Nginx Instance Manager, Nginx API Connectivity Manager, Nginx Security Monitoring

Published 2023-04-14 · Updated 2025-05-19 · CVE-2023-28656

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions

NGINX Management Suite (affected versions not specified)
NGINX Instance Manager (affected versions not specified)
NGINX API Connectivity Manager (affected versions not specified)
NGINX Security Monitoring (affected versions not specified)
Description

An authenticated user of NGINX Management Suite can gain access to configuration objects that belong to environments other than the ones the user is assigned to. The root cause is an authorization bypass through a user-controlled key (an insecure direct object reference): the management plane resolves the object identifier supplied by the caller without verifying that the object belongs to an environment the caller is entitled to. A remote attacker who holds any valid account can therefore supply or enumerate identifiers of objects in other environments and read, modify, or delete their configuration data. The CVSS vector is consistent with this: authentication is required (Au:S), confidentiality and integrity are fully impacted (C:C/I:C), and there is no direct availability impact (A:N).
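The following is an added example, not code from NGINX Management Suite or from this advisory. It models the bug class the description names: a multi-environment configuration API whose vulnerable lookup authorizes only the caller's identity and trusts the object key the caller supplies, beside a hardened lookup that scopes every read and write to the caller's assigned environments. The object store, field names, principals and audit records are constructed for the demonstration; the final function shows the kind of retrospective check a defender could run over management-plane access logs to spot cross-environment access.

```python
"""Illustrative IDOR (authorization bypass through a user-controlled key) in a
multi-environment configuration API. Added example; the object model, field
names and the audit-log shape are assumptions, not NGINX Management Suite code."""

from dataclasses import dataclass

# Constructed sample data: two environments, each owning one config object.
CONFIG_OBJECTS = {
    "cfg-1001": {"environment": "env-prod", "listen": "443", "upstream": "10.0.1.10"},
    "cfg-2002": {"environment": "env-dev", "listen": "8080", "upstream": "10.0.2.10"},
}


@dataclass
class Principal:
    name: str
    environments: set  # environments this account is assigned to


class AuthorizationError(Exception):
    pass


def get_config_vulnerable(user: Principal, object_id: str) -> dict:
    """Vulnerable: the caller is authenticated, but the only input that decides
    which object comes back is the key the caller chose. Nothing ties the
    object's environment to the user's assignments, so a guessed or enumerated
    id from another environment is served as if it were the caller's own."""
    obj = CONFIG_OBJECTS.get(object_id)
    if obj is None:
        raise KeyError(object_id)
    return obj


def get_config_fixed(user: Principal, object_id: str) -> dict:
    """Hardened: the lookup is scoped to the caller's environments. An object
    outside them is indistinguishable from a missing one, so enumeration does
    not even confirm that a foreign id exists."""
    obj = CONFIG_OBJECTS.get(object_id)
    if obj is None or obj["environment"] not in user.environments:
        raise AuthorizationError(f"{object_id} is not accessible to {user.name}")
    return obj


def update_config_fixed(user: Principal, object_id: str, **changes) -> dict:
    """Every mutating path reuses the same scoped lookup, so read, modify and
    delete are all gated by environment membership, not just the read path."""
    obj = get_config_fixed(user, object_id)
    obj.update(changes)
    return obj


# Constructed audit records (account, HTTP method, object id), the minimum a
# management API would log per request. "bob" is assigned to env-dev only.
AUDIT_LOG = [
    ("alice", "GET", "cfg-1001"),
    ("bob", "GET", "cfg-2002"),
    ("bob", "PUT", "cfg-1001"),  # cross-environment write to a prod object
]


def find_cross_environment_access(log, users: dict) -> list:
    """Detection: replay logged requests against the environment assignments
    and report every access to an object outside the caller's environments.
    On an unpatched system these are successful bypasses, not failed attempts."""
    hits = []
    for name, method, object_id in log:
        obj = CONFIG_OBJECTS.get(object_id)
        user = users.get(name)
        if obj is not None and user is not None and obj["environment"] not in user.environments:
            hits.append((name, method, object_id, obj["environment"]))
    return hits
```

Run against the constructed data, the vulnerable lookup hands the dev-only account the production object, the hardened lookup refuses it with the same error it would give for a nonexistent id, and the audit replay flags exactly the cross-environment PUT.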
Recommendations

The flaw is in the management plane's authorization logic, so it cannot be removed by configuration; the fix is a vendor update. This page does not record a fixed version, so consult the vendor's advisory for CVE-2023-28656 and upgrade NGINX Management Suite and the affected modules (Instance Manager, API Connectivity Manager, Security Monitoring) to a release that contains the fix. Until that is done, reduce exposure of the management plane: restrict network access to the NGINX Management Suite API and UI to administrative networks, keep the set of accounts that can authenticate to it as small as possible and assign each the least-privilege role and environment it needs, and review management-API access logs for accounts reading or changing configuration objects in environments they are not assigned to, since on an unpatched system such requests succeed rather than fail.

Weakness Enumeration

IDOR (insecure direct object reference: authorization bypass through a user-controlled key)

Related Identifiers

BDU:2023-02620
CVE-2023-28656

Affected Products

Nginx API Connectivity Manager
Nginx Instance Manager
Nginx Management Suite
Nginx Security Monitoring