Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses the encryption keys required to decrypt the backup in the X-Backup-Security response header. This allows an unauthenticated attacker to download a full system backup containing sensitive data (user credentials, session tokens, SSL private keys, Nginx configurations) and decrypt it immediately. This issue has been patched in version 2.3.3.
The vulnerability results from the lack of authentication mechanism (CWE-306) on the /api/backup endpoint and unsecured transmission of sensitive data (CWE-311). An attacker sends an HTTP request to /api/backup without any credentials and downloads the backup archive. The server simultaneously returns encryption keys in the X-Backup-Security header, allowing immediate decryption of the downloaded archive without additional steps.
An attacker gains access to a complete system backup containing user credentials, session tokens, private SSL keys, and Nginx configurations, which in practice means complete takeover of the system.
Update Nginx UI to version 2.3.3 or newer, where the vulnerability has been removed. Until the update is applied, it is recommended to restrict network access to the Nginx UI administrative interface using firewall or network-level access control mechanisms.
Nginx UI versions before 2.3.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HNginxui nginx Ui
APPNginxui< 2.3.3
Related vulnerabilities
Nginx UI: nieuwierzytelnione RCE przez endpoint przywracania kopii zapasowej
Nginx UI: nieuwierzytelniony dostęp do endpointu MCP umożliwia przejęcie serwera
Nginx UI: manipulacja zaszyfrowanymi kopiami zapasowymi i wstrzyknięcie konfiguracji
Nginx-UI: path traversal w imporcie certyfikatów umożliwia RCE
Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can per...