CVE-2024-49366

7.5 HIGH

📋 TL;DR

Nginx UI versions up to and including v2.0.0-beta.35 contain a path traversal vulnerability that lets an attacker write arbitrary files on the server by supplying '../../' sequences in JSON input. This can lead to unauthorized file modifications, permission changes, or potential remote code execution. Users running affected versions of Nginx UI are vulnerable.

💻 Affected Systems

Products:
  • Nginx UI
Versions: v2.0.0-beta.35 and earlier
Operating Systems: All platforms running Nginx UI
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server compromise through arbitrary file write leading to remote code execution, configuration modification, or privilege escalation.

🟠 Likely Case: Unauthorized file modification, configuration changes to Nginx, or permission manipulation on the server.

🟢 If Mitigated: Limited impact if proper input validation and file system permissions are in place, potentially only affecting non-critical files.

🌐 Internet-Facing: HIGH - Web interface directly exposed to internet with unauthenticated or authenticated exploitation vectors.
🏢 Internal Only: MEDIUM - Lower exposure but still significant risk if internal attackers gain access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The advisory suggests unauthenticated exploitation is possible through JSON field manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.0.0-beta.36

Vendor Advisory: https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-prv4-rx44-f7jr

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Stop the Nginx UI service.
3. Update to v2.0.0-beta.36 or later from GitHub releases.
4. Restart the Nginx UI service.
5. Verify functionality.

🔧 Temporary Workarounds

Input Validation Filter (platform: all)

Implement middleware that rejects '../' sequences in JSON input before the request handler processes it.

# Requires a custom code change: implement input sanitization in the request handlers
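The following is an added example of such a check, written for this page; it is not nginx-ui's own code. It assumes a JSON body with a hypothetical "name" field naming the target file and a constructed base directory. Rather than only string-matching '../', it cleans the joined path and verifies the result still lies under the base directory, so sequences hidden inside a longer path are rejected as well.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a requested path would escape the base directory.
var ErrOutsideBase = errors.New("path escapes base directory")

// SafeJoin resolves rel against base and rejects any result outside base.
// filepath.Join cleans the result, collapsing "../" segments; filepath.Rel then
// shows whether the cleaned path still sits below base, so "sub/../../../etc/passwd"
// is rejected even though it does not start with "..".
func SafeJoin(base, rel string) (string, error) {
	if filepath.IsAbs(rel) {
		return "", ErrOutsideBase
	}
	cleanBase := filepath.Clean(base)
	full := filepath.Join(cleanBase, rel)
	relPath, err := filepath.Rel(cleanBase, full)
	if err != nil || relPath == "." || relPath == ".." ||
		strings.HasPrefix(relPath, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return full, nil
}

// fileRequest mirrors a hypothetical JSON body carrying a target file name;
// the field name "name" is an assumption, not nginx-ui's actual schema.
type fileRequest struct {
	Name string `json:"name"`
}

// ValidateRequestBody decodes a JSON body and returns the confined path the
// handler may write to, or an error if the body is malformed or the path escapes base.
func ValidateRequestBody(base string, body []byte) (string, error) {
	var req fileRequest
	if err := json.Unmarshal(body, &req); err != nil {
		return "", fmt.Errorf("invalid json: %w", err)
	}
	if req.Name == "" {
		return "", errors.New("empty name")
	}
	return SafeJoin(base, req.Name)
}

func main() {
	base := "/etc/nginx/sites-available" // constructed base directory, not a real install path
	for _, body := range []string{
		`{"name":"example.conf"}`,
		`{"name":"sub/../../../../etc/passwd"}`,
		`{"name":"/etc/passwd"}`,
	} {
		p, err := ValidateRequestBody(base, []byte(body))
		fmt.Printf("%-40s -> path=%q err=%v\n", body, p, err)
	}
}
```

filepath.Clean does not resolve symbolic links, so on a live system the check should additionally resolve the final path with filepath.EvalSymlinks and repeat the base-directory comparison before opening the file for writing.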

Restrict File System Permissions (platform: linux)

Run Nginx UI with minimal file system permissions and use chroot/jail where possible.

sudo chown -R nginx:nginx /var/www/nginx-ui
sudo chmod -R 750 /var/www/nginx-ui

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to Nginx UI interface
  • Deploy web application firewall (WAF) with path traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Check Nginx UI version via web interface or configuration files. Versions <= v2.0.0-beta.35 are vulnerable.

Check Version:

Check the package version, or look for version information in the web interface or configuration files.

Verify Fix Applied:

Verify that the version is v2.0.0-beta.36 or later, and confirm that JSON input containing '../' sequences is rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file write operations in system logs
  • JSON requests containing '../' patterns in Nginx UI logs
  • Permission denied errors for unexpected file paths

Network Indicators:

  • HTTP POST requests to Nginx UI endpoints with JSON payloads
  • Unusual file transfer patterns from Nginx UI server

SIEM Query:

source="nginx-ui" AND ("../" OR "..\\" OR path_traversal)
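The SIEM query above matches only the literal '../' and '..\' forms, which a request log may not contain verbatim if the sequence arrived percent-encoded. The following is an added example for this page, not nginx-ui's code or log format: it runs the same indicator over a constructed, combined-log-style sample (the endpoint path, client addresses and inline body= field are all made up) and percent-decodes each line once before matching, so encoded variants are flagged too.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// traversalPatterns are the forms a parent-directory sequence takes once any
// percent-encoding has been removed; the second entry is a literal "..\".
var traversalPatterns = []string{"../", "..\\"}

// containsTraversal reports whether s carries a traversal sequence, checking
// both the raw line and a percent-decoded copy (so "%2e%2e%2f" is caught too).
func containsTraversal(s string) bool {
	candidates := []string{s}
	if decoded, err := url.PathUnescape(s); err == nil {
		candidates = append(candidates, decoded)
	}
	for _, c := range candidates {
		lc := strings.ToLower(c)
		for _, p := range traversalPatterns {
			if strings.Contains(lc, p) {
				return true
			}
		}
	}
	return false
}

// FlagTraversalRequests returns the 1-based indices of log lines that record a
// POST request carrying a traversal sequence, matching the page's log indicator
// "JSON requests containing '../' patterns".
func FlagTraversalRequests(lines []string) []int {
	var hits []int
	for i, line := range lines {
		if strings.Contains(line, "POST ") && containsTraversal(line) {
			hits = append(hits, i+1)
		}
	}
	return hits
}

// SampleLog is a constructed access log in a generic combined-log-like layout
// with the request body appended; it is not real nginx-ui output.
var SampleLog = []string{
	`10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "POST /api/config HTTP/1.1" 200 42 "-" "curl/8.0" body={"name":"site.conf"}`,
	`10.0.0.9 - - [01/Jan/2024:10:00:01 +0000] "POST /api/config HTTP/1.1" 200 42 "-" "curl/8.0" body={"name":"../../etc/crontab"}`,
	`10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "POST /api/config HTTP/1.1" 200 42 "-" "curl/8.0" body={"name":"%2e%2e%2f%2e%2e%2fetc%2fpasswd"}`,
	`10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /api/status HTTP/1.1" 200 10 "-" "Mozilla/5.0"`,
	`10.0.0.8 - - [01/Jan/2024:10:00:04 +0000] "POST /api/config HTTP/1.1" 200 42 "-" "curl/8.0" body={"name":"a..b.conf"}`,
}

func main() {
	for _, i := range FlagTraversalRequests(SampleLog) {
		fmt.Printf("line %d: %s\n", i, SampleLog[i-1])
	}
}
```

A standard access log does not record request bodies, so this indicator only works where body logging is enabled on a reverse proxy or where a WAF in front of Nginx UI logs the inspected payload; without that, the "unusual file write" and "permission denied" indicators from the system logs are the ones to rely on.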
