Insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface. (CVE-2020-5900)
Impact
An attacker can exploit this vulnerability by enticing a victim user to follow a malicious link. A successful exploit can allow the attacker to perform arbitrary actions on the web user interface with the privilege level of the victim user. For more information about CSRF, refer to <https://owasp.org/www-community/attacks/csrf>.
Note: This link takes you to a resource outside of AskF5, and the third party could remove the document without our knowledge.