Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Nginx Controller Security Vulnerabilities - CVSS Score 5 - 6

cve
cve

CVE-2020-5866

In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.

5.5CVSS

5.4AI Score

0.0004EPSS

2020-04-23 07:15 PM
20
cve
cve

CVE-2020-5909

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.

5.4CVSS

5.5AI Score

0.001EPSS

2020-07-02 01:15 PM
28
cve
cve

CVE-2021-23020

The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.

5.5CVSS

6AI Score

0.0004EPSS

2021-06-01 01:15 PM
32
4
cve
cve

CVE-2021-23021

The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.

5.5CVSS

6AI Score

0.0004EPSS

2021-06-01 01:15 PM
37
2