The NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks. (CVE-2020-5865)
Impact
An attacker can modify user entered data or run arbitrary SQL commands against the database server.