Nginx UI Security Update Advisory (CVE-2024-49368)

Oct 25 2024

Overview

An update has been released to address vulnerabilities in Nginx UI. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-49368

Nginx UI versions: ~ 2.0.0-beta.36 (excluded)

Resolved Vulnerabilities

Vulnerability in setting logrotate could allow arbitrary command execution by passing input directly to exec.Command without validating it (CVE-2024-49368)

Vulnerability Patches

Vulnerability Patches have been made available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-49368

Nginx UI version: 2.0.0-beta.36

Referenced Sites

[1] CVE-2024-49368 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-49368

[2] Unchecked logrotate settings lead to arbitrary command execution

https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-66m6-27r9-77vm

[3] v2.0.0-beta.36

https://github.com/0xJacky/nginx-ui/releases/tag/v2.0.0-beta.36

Nginx UI Security Update Advisory (CVE-2024-49368)

Fortinet Product Security Update Advisory (CVE-2024-47575)

Okta Verify Security Update Advisory (CVE-2024-10327)

Tags:

Fortinet Product Security Update Advisory (CVE-2024-47575)

Okta Verify Security Update Advisory (CVE-2024-10327)