mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
140 lines
5.9 KiB
JSON
140 lines
5.9 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2024-3738",
|
|
"ASSIGNER": "cna@vuldb.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability."
|
|
},
|
|
{
|
|
"lang": "deu",
|
|
"value": "Es wurde eine Schwachstelle in cym1102 nginxWebUI bis 3.9.9 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion handlePath der Datei /adminPage/conf/saveCmd. Durch das Beeinflussen des Arguments nginxPath mit unbekannten Daten kann eine improper certificate validation-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-295 Improper Certificate Validation",
|
|
"cweId": "CWE-295"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "cym1102",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "nginxWebUI",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.9.0"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.9.1"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.9.2"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.9.3"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.9.4"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.9.5"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.9.6"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.9.7"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.9.8"
|
|
},
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "3.9.9"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://vuldb.com/?id.260577",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?id.260577"
|
|
},
|
|
{
|
|
"url": "https://vuldb.com/?ctiid.260577",
|
|
"refsource": "MISC",
|
|
"name": "https://vuldb.com/?ctiid.260577"
|
|
},
|
|
{
|
|
"url": "https://github.com/cym1102/nginxWebUI/issues/138",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/cym1102/nginxWebUI/issues/138"
|
|
},
|
|
{
|
|
"url": "https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf",
|
|
"refsource": "MISC",
|
|
"name": "https://github.com/cym1102/nginxWebUI/files/14818455/nginxwebui.rce.3.9.9.pdf"
|
|
}
|
|
]
|
|
},
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"version": "3.1",
|
|
"baseScore": 7.3,
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
{
|
|
"version": "3.0",
|
|
"baseScore": 7.3,
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
{
|
|
"version": "2.0",
|
|
"baseScore": 7.5,
|
|
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"
|
|
}
|
|
]
|
|
}
|
|
} |