242 matches found
CVE-2021-23018
The CVE-2021-23018 issue affects NGINX Controller 3.x deployments where intra-cluster communication does not use TLS, leaving cleartext traffic between services inside the cluster. Affected versions are 3.x prior to 3.4.0. Root cause is unencrypted intra-cluster channels, enabling potential read/...
CVE-2021-23018
Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster...
Nginx Controller Security Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller that stems from the fact that intra-cluster communication do...
PT-2021-7435 · Nginx · Nginx Controller
Name of the Vulnerable Software and Affected Versions: NGINX Controller versions 2.0.0 through 2.9.0 NGINX Controller versions 3.x before 3.15.0 Description: The issue is related to insufficient protection of registration data, which may allow an attacker to disclose protected information...
F5 NGINX Controller Security Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller due to incorrect default permissions that allow local users ...
F5 NGINX Controller Security Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller that could be exploited by remote attackers to access...
F5 NGINX Controller Security Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller that allows an attacker to forge UDP packets from a DNS serv...
NGINX Controller Security Feature Issue Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security signature issue vulnerability exists in F5 NGINX Controller that allows local users to bypass implemente...
The vulnerability of the NGINX Controller Agent monitoring and management platform, related to deficiencies in path name restriction, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the NGINX Controller Agent monitoring and management platform is related to deficiencies in path name restriction for the directory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected...
CVE-2020-27730
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities...
Code injection
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities...
CVE-2020-27730
CVE-2020-27730 affects the NGINX Controller Agent: versions 1.0.1, 2.0.0–2.9.0, and 3.0.0–3.9.0 do not use absolute paths when invoking system utilities, enabling a local attacker to escalate privileges to root and execute arbitrary code. Public disclosures from Red Hat and F5 corroborate the vu...
F5 NGINX Controller Path Traversal Vulnerability
F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A path traversal vulnerability exists in the F5 NGINX Controller Agent, which allows an attacker to escalate...
PT-2020-5282 · Nginx · Nginx Controller Agent
Name of the Vulnerable Software and Affected Versions: NGINX Controller Agent versions 1.0.1, 2.0.0 through 2.9.0, 3.0.0 through 3.9.0 Description: The issue is related to the NGINX Controller Agent's failure to use absolute paths when calling system utilities, which can be exploited by a remote...
@csltech/strong-nginx-controller (>=1.0.2 <=1.0.3), @csltech/strong-pm (>=7.0.0 <=7.0.2) +56 more potentially affected by CVE-2016-1000226 via swagger-ui (>=2.0.17 <=2.1.8-M1)
swagger-ui NPM version =2.0.17, =1.0.2, =7.0.0, =3.0.1, =2.0.0, =1.0.1, =1.0.1, =2.8.29, =1.0.1, =5.0.232, =0.0.1, =0.4.1, =1.0.1, =0.0.1, =0.0.27, =0.1.9 and more Source cves: CVE-2016-1000226 Source advisory: OSV:GHSA-7F59-X49P-V8MQ...
CVE-2020-5911
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL on Debian/Ubuntu system...
CVE-2020-5910
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized...
CVE-2020-5909
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in the NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified...