Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 12 Feb 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2025-02-13T16:39:29.086Z

Reserved: 2023-03-21T16:43:56.998Z

Link: CVE-2023-1550

cve-icon Vulnrichment

Updated: 2024-08-02T05:49:11.695Z

cve-icon NVD

Status : Modified

Published: 2023-03-29T17:15:07.107

Modified: 2024-11-21T07:39:25.473

Link: CVE-2023-1550

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.