CVE-2024-22196 - OpenCVE

Nginx-UI is an online statistics for Server Indicators Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using `DefaultQuery`, the `"desc"` and `"id"` values are used as default values if the query parameters are not set. Thus, the `order` and `sort_by` query parameter are user-controlled and are being appended to the `order` variable without any sanitization. This issue has been patched in version 2.0.0.beta.9.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nginxui	Nginx Ui

Configuration 1 [-]

OR	cpe:2.3:a:nginxui:nginx_ui::::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta1::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta2::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta3::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4_patch::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5_patch::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch2::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta7::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8::::::
	cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8_patch::::::

No data.

References

Link	Providers
https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b
https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-01-11T19:24:07.984Z

Updated: 2024-08-01T22:35:34.935Z

Reserved: 2024-01-08T04:59:27.371Z

Link: CVE-2024-22196

Vulnrichment

No data.

NVD

Status : Modified

Published: 2024-01-11T20:15:44.923

Modified: 2024-02-29T01:44:05.347

Link: CVE-2024-22196

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-22196", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-01-08T04:59:27.371Z", "datePublished": "2024-01-11T19:24:07.984Z", "dateUpdated": "2024-08-01T22:35:34.935Z"}, "containers": {"cna": {"title": "Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c"}, {"name": "https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b", "tags": ["x_refsource_MISC"], "url": "https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b"}], "affected": [{"vendor": "0xJacky", "product": "nginx-ui", "versions": [{"version": "< 2.0.0.beta.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-11T19:24:07.984Z"}, "descriptions": [{"lang": "en", "value": "Nginx-UI is an online statistics for Server Indicators\u200b\u200b Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using `DefaultQuery`, the `\"desc\"` and `\"id\"` values are used as default values if the query parameters are not set. Thus, the `order` and `sort_by` query parameter are user-controlled and are being appended to the `order` variable without any sanitization. This issue has been patched in version 2.0.0.beta.9.\n\n"}], "source": {"advisory": "GHSA-h374-mm57-879c", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T22:35:34.935Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c"}, {"name": "https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nginxui:nginx_ui:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4426F94-540E-497C-AE75-04126AF12112", "versionEndExcluding": "2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "3C287A7F-66B4-406A-B87B-B954A1CA6D44", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "25DD91AC-465B-4A43-A79F-4DE47243741C", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "115588C7-D947-4576-9E6C-B5AF1FCE9A29", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "BBB20EA3-F3CF-42AF-A217-D5DF7A7ADD70", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4_patch:*:*:*:*:*:*", "matchCriteriaId": "81A6C732-FBF2-44A8-B810-456E54B59A09", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "8C5664E5-150E-4B4B-BA0C-420738820FF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5_patch:*:*:*:*:*:*", "matchCriteriaId": "7E764AA1-3060-441F-8F14-ADD165316741", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6:*:*:*:*:*:*", "matchCriteriaId": "04A3E84F-91AA-420A-B908-3393E037AC44", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch:*:*:*:*:*:*", "matchCriteriaId": "828EAE87-24E5-4F31-B301-BA2F96BDEA42", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch2:*:*:*:*:*:*", "matchCriteriaId": "45710D36-954A-4450-B622-CB0F368DF544", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta7:*:*:*:*:*:*", "matchCriteriaId": "2B57EEFB-5518-4BD5-998A-34B6690A6F4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8:*:*:*:*:*:*", "matchCriteriaId": "8EDF4CEE-F24D-441B-92A8-7F5A2B41487E", "vulnerable": true}, {"criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8_patch:*:*:*:*:*:*", "matchCriteriaId": "F0275FDF-BAE8-4909-8991-6FCE34B8905E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nginx-UI is an online statistics for Server Indicators\u200b\u200b Monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using `DefaultQuery`, the `\"desc\"` and `\"id\"` values are used as default values if the query parameters are not set. Thus, the `order` and `sort_by` query parameter are user-controlled and are being appended to the `order` variable without any sanitization. This issue has been patched in version 2.0.0.beta.9.\n\n"}, {"lang": "es", "value": "Nginx-UI es una estad\u00edstica en l\u00ednea para indicadores del servidor que monitorea el uso de la CPU, el uso de la memoria, el promedio de carga y el uso del disco en tiempo real. Este problema puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n. Al utilizar `DefaultQuery`, los valores `\"desc\"` e `\"id\"` se utilizan como valores predeterminados si los par\u00e1metros de consulta no est\u00e1n configurados. Por lo tanto, los par\u00e1metros de consulta `order` y `sort_by` est\u00e1n controlados por el usuario y se agregan a la variable `order` sin ning\u00fan tipo de sanitizaci\u00f3n. Este problema se solucion\u00f3 en la versi\u00f3n 2.0.0.beta.9."}], "id": "CVE-2024-22196", "lastModified": "2024-02-29T01:44:05.347", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-01-11T20:15:44.923", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Primary"}]}