Nginx Controller Security Vulnerabilities and Issues — Nginx Controller CVE List

Lucene search

F5Nginx Controller

4 matches found

CVE•added 2020/04/23 8:15 p.m.•49 views

CVE-2020-5867

In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages

8.1CVSS8AI score0.00149EPSS

CVE•added 2020/04/23 7:15 p.m.•39 views

CVE-2020-5865

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.

5.8CVSS5AI score0.00119EPSS

CVE•added 2020/04/23 7:15 p.m.•38 views

CVE-2020-5864

In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.

7.4CVSS7.4AI score0.00422EPSS

CVE•added 2020/04/23 7:15 p.m.•32 views

CVE-2020-5866

In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.

5.5CVSS5.4AI score0.001EPSS