CVE-2020-5867

2020-04-2319:58:59

www.cve.org

AI Score

8.1

Confidence

High

EPSS

0.002

Percentile

64.7%

JSON

In versions prior to 3.3.0, the NGINX Controller Agent installer script ‘install.sh’ uses HTTP instead of HTTPS to check and install packages

CNA Affected

[
  {
    "product": "NGINX Controller",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "< 3.3.0"
      }
    ]
  }
]

References

security.netapp.com/advisory/ntap-20200430-0005/

support.f5.com/csp/article/K00958787