Threat Feed

Tag

Nginx-Ui

5 briefs
medium advisory

nginx-ui Information Disclosure Vulnerability

A remote, authenticated attacker can exploit a vulnerability in nginx-ui to disclose sensitive information.

nginx-ui information-disclosure web-application
2r 1t
critical advisory

Nginx-UI Unauthenticated Remote Code Execution via Backup Restore

Nginx-UI is vulnerable to unauthenticated remote code execution (RCE) via the `POST /api/restore` endpoint, allowing attackers to inject arbitrary commands into the configuration.

nginx-ui rce authentication bypass command injection devops
2r 2t
medium advisory

Nginx-UI Unauthenticated Initial Admin Claim Vulnerability

An unauthenticated network attacker can claim the initial administrator account on a fresh Nginx-UI instance during the first-run setup window by exploiting the publicly accessible `/api/install` endpoint.

Nginx-UI initial-access authentication-bypass
2r 1t
high advisory

Nginx-UI SSRF Vulnerability via Cluster Node Proxy

Nginx-UI versions 2.3.4 and earlier are vulnerable to Server-Side Request Forgery (SSRF), allowing authenticated users to access internal services by manipulating cluster node configurations.

Nginx-UI ssrf web-application
2r 1t
critical advisory

Nginx-UI Unauthenticated Bootstrap Takeover

Nginx-UI version 2.3.5 is vulnerable to an unauthenticated takeover via the `/api/install` endpoint during the initial setup window, allowing a remote attacker to claim administrative control of a fresh instance.

nginx-ui bootstrap-takeover unauthenticated-access initial-access
2r 1t 1i