{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T16:35:05.586","vulnerabilities":[{"cve":{"id":"CVE-2024-49367","sourceIdentifier":"security-advisories@github.com","published":"2024-10-21T17:15:03.783","lastModified":"2024-11-07T14:57:17.393","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at `/api/configs` to read directories and file contents on the server. Version 2.0.0-beta.36 fixes the issue."},{"lang":"es","value":"Nginx UI es una interfaz de usuario web para el servidor web Nginx. Antes de la versión 2.0.0-beta.36, la ruta de registro de nginxui era controlable. Este problema se puede combinar con el recorrido del directorio en `/api/configs` para leer directorios y contenidos de archivos en el servidor. La versión 2.0.0-beta.36 soluciona el problema."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:*:*:*:*:*:*:*:*","versionEndIncluding":"1.9.9-4","matchCriteriaId":"22A77A87-A811-4F69-A383-D7B7E5A4F3C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta1:*:*:*:*:*:*","matchCriteriaId":"3C287A7F-66B4-406A-B87B-B954A1CA6D44"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta10:*:*:*:*:*:*","matchCriteriaId":"D684FFEF-4451-49ED-A04D-CF74F45A2F40"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta10_patch:*:*:*:*:*:*","matchCriteriaId":"D5984B3A-40C9-4188-976C-E9EB166FA624"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta11:*:*:*:*:*:*","matchCriteriaId":"EDE74B22-31D1-41D1-A5DD-DB4AAA7A7984"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta12:*:*:*:*:*:*","matchCriteriaId":"B99C6CCE-C042-4AB1-9D47-2DFE59851BE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta13:*:*:*:*:*:*","matchCriteriaId":"B484B49F-B83F-4E9F-BE87-059D7FE3BD51"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta13-patch:*:*:*:*:*:*","matchCriteriaId":"D61FFDC5-D5DE-4608-A303-2A804D25200F"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta14:*:*:*:*:*:*","matchCriteriaId":"56799738-9FD4-41EC-B259-3273165DE071"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta15:*:*:*:*:*:*","matchCriteriaId":"B7CBB875-B2B8-473B-9F89-8CE4EF93819C"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta16:*:*:*:*:*:*","matchCriteriaId":"B48C61F6-EE8C-4DA4-B2F1-58345C2A1507"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta17:*:*:*:*:*:*","matchCriteriaId":"96DB1BA6-5BA0-4E54-B32B-C7B789A8C25C"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta18:*:*:*:*:*:*","matchCriteriaId":"7FB8C798-E100-4290-8341-174F3E5B7C6A"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta18-patch1:*:*:*:*:*:*","matchCriteriaId":"5E5F4274-4644-447B-9082-5F9491FD9D12"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta18-patch2:*:*:*:*:*:*","matchCriteriaId":"4DF6E94E-E7DE-410B-AE2A-371D7FFFAB07"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta19:*:*:*:*:*:*","matchCriteriaId":"3715D4C4-C7E1-4B1D-8D06-2256065010A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta2:*:*:*:*:*:*","matchCriteriaId":"25DD91AC-465B-4A43-A79F-4DE47243741C"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta20:*:*:*:*:*:*","matchCriteriaId":"2ED9DDCE-D3CE-4F8C-AEC8-E8632BC8F2EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta21:*:*:*:*:*:*","matchCriteriaId":"7DE84C54-309D-4A91-9597-B09EF587B2EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta22:*:*:*:*:*:*","matchCriteriaId":"F81DFE2E-33CF-4ED6-B1F3-8DF059418AE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta23:*:*:*:*:*:*","matchCriteriaId":"F6ADBCF5-1898-4B98-9F78-B9CE03E319DA"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta23-patch1:*:*:*:*:*:*","matchCriteriaId":"F29790DF-EF6C-4C78-8479-8C2155685156"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta23-ptach2:*:*:*:*:*:*","matchCriteriaId":"70EBD5F7-DC32-4534-9F0B-10D0B8629CEF"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta24:*:*:*:*:*:*","matchCriteriaId":"2CABC38D-7F44-4501-9889-125B988682A7"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta25:*:*:*:*:*:*","matchCriteriaId":"5A7219E9-21D1-4F39-AC78-155468E48F06"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta25-patch1:*:*:*:*:*:*","matchCriteriaId":"A5526972-5733-4F85-8208-F66BAA73ADA1"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta25-ptach2:*:*:*:*:*:*","matchCriteriaId":"D3B74576-733E-4C21-A0A1-B03B5F6CB58E"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta27:*:*:*:*:*:*","matchCriteriaId":"8F947576-8B6B-40BA-A2A7-DF21A5501033"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta28:*:*:*:*:*:*","matchCriteriaId":"091FA173-5470-45B7-BBED-7DF06B5646F0"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta29:*:*:*:*:*:*","matchCriteriaId":"08052F6C-9D02-4EF3-BF93-EF4A16AD53FC"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta3:*:*:*:*:*:*","matchCriteriaId":"115588C7-D947-4576-9E6C-B5AF1FCE9A29"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta30:*:*:*:*:*:*","matchCriteriaId":"432993A8-AAC1-4245-A0F1-BADED990EF01"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta31:*:*:*:*:*:*","matchCriteriaId":"3C29B365-6A28-4E28-BA04-FA2158E3A6B2"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta32:*:*:*:*:*:*","matchCriteriaId":"ED82D9C5-837C-4258-A7A1-1FA8CB6E13CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta32-patch1:*:*:*:*:*:*","matchCriteriaId":"142C0FD2-7B0A-48D5-BF2D-62790C20444C"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta33:*:*:*:*:*:*","matchCriteriaId":"202A862C-BE02-4716-9A9B-A779678C5A6B"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta34:*:*:*:*:*:*","matchCriteriaId":"DDB5ACE0-6911-4AFE-A5FB-ED5EC67F38A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta35:*:*:*:*:*:*","matchCriteriaId":"6D67DDA9-8946-40EB-83B0-93AE3E31E310"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4:*:*:*:*:*:*","matchCriteriaId":"BBB20EA3-F3CF-42AF-A217-D5DF7A7ADD70"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4_patch:*:*:*:*:*:*","matchCriteriaId":"81A6C732-FBF2-44A8-B810-456E54B59A09"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5:*:*:*:*:*:*","matchCriteriaId":"8C5664E5-150E-4B4B-BA0C-420738820FF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5_patch:*:*:*:*:*:*","matchCriteriaId":"7E764AA1-3060-441F-8F14-ADD165316741"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6:*:*:*:*:*:*","matchCriteriaId":"04A3E84F-91AA-420A-B908-3393E037AC44"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch:*:*:*:*:*:*","matchCriteriaId":"828EAE87-24E5-4F31-B301-BA2F96BDEA42"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch2:*:*:*:*:*:*","matchCriteriaId":"45710D36-954A-4450-B622-CB0F368DF544"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta7:*:*:*:*:*:*","matchCriteriaId":"2B57EEFB-5518-4BD5-998A-34B6690A6F4C"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8:*:*:*:*:*:*","matchCriteriaId":"8EDF4CEE-F24D-441B-92A8-7F5A2B41487E"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8_patch:*:*:*:*:*:*","matchCriteriaId":"F0275FDF-BAE8-4909-8991-6FCE34B8905E"},{"vulnerable":true,"criteria":"cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta9:*:*:*:*:*:*","matchCriteriaId":"B52F973F-A2F2-40C2-9936-9447B5803CFB"}]}]}],"references":[{"url":"https://github.com/0xJacky/nginx-ui/releases/tag/v2.0.0-beta.36","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-gr34-jgw4-7j4m","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}