Update: We’ve gotten our hands on an experimental exploit for Nginx 1.18. As we’ve been testing it, a handful of companies and corporations have fallen under it.
Cool, a possible Nginx 1.18 zeroday in the wild. More info about it.
As some further analysis is ongoing, the module relating to the LDAP-auth daemon within nginx is affected greatly. ;) Anything that involves LDAP optional logins works as well. This includes Atlassian accounts. Just working out if we can bypass some common WAFs. Default nginx configs seem to be the vulnerable type, or common configs.