Name of the Vulnerable Software and Affected Versions:
Nginx Proxy Manager version 2.12.3
Description:
A Cross-Origin Resource Sharing (CORS) misconfiguration allows unauthorized domains to access sensitive data, specifically JSON Web Tokens (JWT), because the Origin header is not properly validated. This enables attackers to intercept tokens with a script running in the victim's browser and exfiltrate them to a remote, attacker-controlled server, potentially leading to unauthorized actions.
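The misconfiguration described above, shown as an added example that is not Nginx Proxy Manager's own code: a Node.js CORS header policy that reflects any Origin with credentials, beside a hardened allowlist version, plus a defender-side check that flags a response which exposes data to a non-allowlisted origin. The allowlist entry and the probe origins are constructed placeholders.

```javascript
// Constructed allowlist of origins that may read the token-bearing API (placeholder).
const ALLOWED_ORIGINS = new Set(['https://npm.example.internal']);

// Misconfigured handler: reflects whatever Origin the browser sent and also
// allows credentials, so any page loaded in a logged-in user's browser can
// read the JSON response that carries the JWT.
function corsHeadersVulnerable(originHeader) {
  if (!originHeader) return {};
  return {
    'Access-Control-Allow-Origin': originHeader,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Hardened handler: only an exact match against a fixed allowlist gets CORS
// headers. The comparison is on the full origin string (scheme + host + port),
// not a substring or regex, so "https://npm.example.internal.evil.test" and
// the literal "null" origin both fail. Vary: Origin keeps caches from serving
// one origin's headers to another.
function corsHeadersHardened(originHeader) {
  if (!originHeader || !ALLOWED_ORIGINS.has(originHeader)) return {};
  return {
    'Access-Control-Allow-Origin': originHeader,
    'Access-Control-Allow-Credentials': 'true',
    Vary: 'Origin',
  };
}

// Detection check for a review or a regression test: given the Origin a probe
// sent and the headers the response carried, report whether the response
// grants read access to an origin outside the allowlist. Reflection of an
// unknown origin, or granting "null", counts as misconfigured; with
// Access-Control-Allow-Credentials: true the exposure reaches the user's
// authenticated session, which is the case the advisory describes.
function isCorsMisconfigured(sentOrigin, responseHeaders) {
  const acao = responseHeaders['Access-Control-Allow-Origin'];
  if (!acao) return false;
  if (acao === 'null') return true;
  return acao === sentOrigin && !ALLOWED_ORIGINS.has(sentOrigin);
}
```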
Recommendations:
Update Nginx Proxy Manager to a version that addresses this misconfiguration.