CVE-2024-22197

Name of the Vulnerable Software and Affected Versions Nginx-ui versions prior to 2.0.0.beta.9

Description The issue is related to the Nginx UI server, where the API exposes certain settings such as test config cmd, reload cmd, and restart cmd, which can be modified by sending a request to the API, potentially leading to authenticated Remote Code Execution, Privilege Escalation, and Information Disclosure.

Recommendations For versions prior to 2.0.0.beta.9, update to version 2.0.0.beta.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the API endpoints that expose test config cmd, reload cmd, and restart cmd to minimize the risk of exploitation.