The vulnerability in nginx-ui versions before 2.3.8 allows an authenticated user to access the GET /api/settings API endpoint and obtain sensitive configuration data, specifically the node.secret value. This secret is used by the AuthRequired() function to authenticate requests through the X-Node-Secret header or the node_secret query parameter, effectively granting trusted-node access and associating the request with the init user. This exposure of sensitive information (CWE-200) combined with improper authorization (CWE-863) can lead to unauthorized privilege escalation. The issue is resolved in version 2.3.8.

An authenticated user can obtain the node.secret value, which is a sensitive token used for trusted-node authentication. Possession of this secret allows the user to bypass normal authentication controls and act with the privileges of the init user, potentially leading to unauthorized access to sensitive functions or data. The impact is limited to confidentiality compromise and unauthorized privilege escalation without affecting integrity or availability.

Upgrade nginx-ui to version 2.3.8 or later, where this vulnerability has been patched. Since the vendor advisory confirms the fix in version 2.3.8, applying this official update fully mitigates the issue. No additional mitigation steps are indicated.