Product

Nginx-UI (>= 2.0.0, <= 2.3.5)

1 brief RSS

Nginx-UI Unauthenticated Initial Admin Claim Vulnerability

An unauthenticated network attacker can claim the initial administrator account on a fresh Nginx-UI instance during the first-run setup window by exploiting the publicly accessible /api/install endpoint.

Nginx-UI initial-access authentication-bypass

2r 1t Jan 3, 2024