CVE-2020-5909

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface UI to fetch the agent installer, the server TLS certificate is not verified...

Authentication flaw

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System NATS messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized...

Command injection

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface UI to fetch the agent installer, the server TLS certificate is not verified...

CVE-2020-5910

CVE-2020-5910 affects NGINX Controller’s NATS messaging service. Affected versions are 3.0.0–3.5.0, 2.0.0–2.9.0, and 1.0.1, where NATS does not require authentication, allowing any successful connection to be authorized. Impact described includes potential eavesdropping and unauthorized access to...

CVE-2020-5911

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system...

F5 NGINX Controller Trust Management Issues Vulnerability (CNVD-2021-18398)

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in F5 NGINX Controller versions 1.0.1, 2.0.0 through 2.9.0, and 3.0.0 through 3.5.0...

F5 NGINX Controller Authentication Vulnerability

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in the NGINX controller NATS messaging service in F5 NGINX Controller versions 1.0....

F5 NGINX Controller Input Validation Error Vulnerability (CNVD-2021-18400)

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A security vulnerability exists in the installer in F5 NGINX Controller versions 2.8.0 through 2.9.0 and 3.0.0...

CVE-2020-5901

In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting XSS attack. If the victim user is logged in as admin this could result in a complete compromise of the system...

CVE-2020-5899

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address ...

CVE-2020-5899

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address ...

CVE-2020-5900

In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery CSRF protections for the NGINX Controller user interface...

Cross site request forgery (csrf)

In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery CSRF protections for the NGINX Controller user interface...

CVE-2020-5901

In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting XSS attack. If the victim user is logged in as admin this could result in a complete compromise of the system...

CVE-2020-5899

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address ...

CVE-2020-5900

In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery CSRF protections for the NGINX Controller user interface...

The vulnerability of the Analytics, Visibility, and Reporting services of the NGINX Controller monitoring and management application platform allows a hacker to execute arbitrary code.

The vulnerability of the Analytics, Visibility, and Reporting services of the NGINX Controller monitoring and management platform is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

F5 NGINX Controller Authorization Issue Vulnerability (CNVD-2020-51553)

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. An authorization issue vulnerability exists in F5 NGINX Controller versions 3.0.0 through 3.4.0 in NGINX Controller...

F5 NGINX Controller Cross-Site Request Forgery Vulnerability

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A cross-site request forgery vulnerability exists in the NGINX Controller user interface in F5 NGINX Controller...

F5 NGINX Controller Cross-Site Scripting Vulnerability

F5 NGINX Controller is a centralized monitoring and management platform for NGINX from F5. The platform supports the management of multiple NGINX instances using a visual interface. A cross-site scripting vulnerability exists in the NGINX Controller API in F5 NGINX Controller versions 3.3.0 throu...