In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface.
CPE | Name | Operator | Version |
---|---|---|---|
nginx_controller | ge | 2.0.0 | |
nginx_controller | le | 2.9.0 | |
nginx_controller | eq | 1.0.1 | |
nginx_controller | ge | 3.0.0 | |
nginx_controller | le | 3.4.0 |