The Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized. (CVE-2020-5910)
Impact
A malicious user with access to the host where NGINX Controller is running on may eavesdrop on NATS connections and, thereby, gain unauthorized access data stored in the message queue.