The NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system. (CVE-2020-5911)
Impact
A man-in-the-middle (MITM) attacker can use this vulnerability to intercept the insecure HTTP channel and convincingly forge Kubernetes packages and get the malicious packages installed on the NGINX Controller.