CVE-2020-5863

NGINX Controller (versions before 3.2.0) is affected by an access-control vulnerability in the Controller API: an unauthenticated remote attacker can create unprivileged user accounts and upload a license, with no ability to view or modify other components. Root cause is improper API access contr...

CVE-2020-5863

In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system...