{"id":"CVE-2024-7634","details":"NGINX Agent's \"config_dirs\" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.","aliases":["BIT-nginx-agent-2024-7634"],"modified":"2026-04-10T05:19:39.756480Z","published":"2024-08-22T18:15:10.553Z","references":[{"type":"ADVISORY","url":"https://my.f5.com/manage/s/article/K000140630"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nginx/agent","events":[{"introduced":"9149ae8ff9ad3a481fb3c7b0c239cd167622022a"},{"fixed":"3dc98f3e1b306d0897a64215817a5076a2182418"}],"database_specific":{"versions":[{"introduced":"2.17.0"},{"fixed":"2.37.0"}]}}],"versions":["sdk/v2.17.0","sdk/v2.22.0","sdk/v2.22.1","sdk/v2.23.0","sdk/v2.24.0","sdk/v2.24.1","sdk/v2.25.0","sdk/v2.26.0","sdk/v2.27.0","sdk/v2.28.0","sdk/v2.29.0","sdk/v2.30.0","sdk/v2.30.1","sdk/v2.30.2","sdk/v2.30.3","sdk/v2.31.0","sdk/v2.31.1","sdk/v2.31.2","sdk/v2.32.0","sdk/v2.32.1","sdk/v2.32.2","sdk/v2.33.0","sdk/v2.34.0","sdk/v2.34.1","sdk/v2.35.0","sdk/v2.35.1","sdk/v2.36.0","sdk/v2.36.1","v2.17.0","v2.22.0","v2.22.1","v2.23.0","v2.24.0","v2.24.1","v2.25.0","v2.26.0","v2.27.0","v2.28.0","v2.29.0","v2.30.0","v2.30.1","v2.30.2","v2.30.3","v2.31.0","v2.31.1","v2.31.2","v2.32.0","v2.32.1","v2.32.2","v2.33.0","v2.34.0","v2.34.1","v2.35.0","v2.35.1","v2.36.0","v2.36.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"2.3.1"},{"fixed":"2.17.2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7634.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N"}]}