nginx-proxy-manager icon indicating copy to clipboard operation
nginx-proxy-manager copied to clipboard
Published 3 weeks ago verified publisher icon NginxProxyManager

CVE-2024-46257

Open TheTrueColonel opened this issue 1 year ago • 4 comments

Just to bring more visibility to this major bug that was reported. Link includes multiple references on where exactly the issue is and how to reproduce the issue.

https://www.tenable.com/cve/CVE-2024-46257

TheTrueColonel avatar Sep 27 '24 21:09 TheTrueColonel

The maintainer basically never actually check github issue. Please email it directly to him at [email protected] Hopefully this resolve faster than last time (which took 4 months).

tanpro260196 avatar Oct 02 '24 02:10 tanpro260196

Hi everyone,

could someone shed a bit more light on how severe this problem is?

Doest this only concern instances of NPM which are exposed to internet or virtually all installations, including the ones behind firewalls?

vsisl avatar Oct 03 '24 15:10 vsisl

From the information seen on the CVE, it looks like if someone is able to request a Let's Encrypt cert, they are able to exploit this bug. I'm unsure if there's anything external that calls those endpoints an unauthenticated user can exploit, but I have emailed jc and got confirmation that he'll look into the issue as soon as he can.

TheTrueColonel avatar Oct 03 '24 15:10 TheTrueColonel

Hello, I am the person who submitted the above CVE, you can refer to my article here: https://viblo.asia/p/phat-hien-rce-nhung-ban-phai-dang-nhap-truoc-da-cau-chuyen-cve-cua-minh-voi-56000-host-MkNLrQaOJgA

barttran2k avatar Oct 11 '24 03:10 barttran2k

Looks to have been fixed in #4073

TheTrueColonel avatar Oct 22 '24 14:10 TheTrueColonel

Thank you! I was checked and the bug is fixed! image

barttran2k avatar Oct 23 '24 02:10 barttran2k