CVE-2023-1550

Source
https://cve.org/CVERecord?id=CVE-2023-1550
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1550.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-1550
Aliases
Published
2023-03-29T17:15:07.107Z
Modified
2026-07-08T06:22:22.657339751Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Insertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring.

Database specific
{
    "unresolved_ranges": [
        {
            "cpes": [
                "cpe:2.3:a:f5:nginx_instance_manager:*:*:*:*:*:*:*:*"
            ],
            "vendor_product": "f5:nginx_instance_manager",
            "extracted_events": [
                {
                    "introduced": "2.0.0"
                },
                {
                    "fixed": "2.9.0"
                }
            ],
            "source": "CPE_RANGE"
        }
    ]
}
References

Affected packages

Git / github.com/nginx/agent

Affected ranges

Type
GIT
Repo
https://github.com/nginx/agent
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:f5:nginx_agent:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "2.0.0"
        },
        {
            "fixed": "2.23.3"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

sdk/v2.*
sdk/v2.17.0
sdk/v2.22.0
sdk/v2.22.1
sdk/v2.23.0
sdk/v2.23.1
sdk/v2.23.2
v2.*
v2.17.0
v2.22.0
v2.22.1
v2.23.0
v2.23.1
v2.23.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1550.json"