GHSA-9mcp-v29j-j4hp

Опубликовано: 06 июл. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 7.1

Описание

NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Ссылки

EPSS

Процентиль: 24%

0.00083

Низкий

7.1 High

CVSS3

CVE ID

CVE-2023-28724

Дефекты

CWE-276

Связанные уязвимости

CVE-2023-28724

CVSS3: 7.1

nvd

почти 3 года назад

NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

BDU:2023-02619

CVSS3: 7.1

fstec

почти 3 года назад

Уязвимость платформы автоматизации NGINX Instance Manager, диспетчера подключений API NGINX API Connectivity Manager и платформы мониторинга и управления безопасностью NGINX Security Monitoring, связанная с некорректно используемыми стандартными разрешениями, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 24%

0.00083

Низкий

7.1 High

CVSS3

CVE ID

CVE-2023-28724

Дефекты

CWE-276