6 matches found

CVE
added 2020/07/02 1:15 p.m. | 47 views

CVE-2020-5910

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.

CVSS 7.5 | AI score 7.5 | EPSS 0.00355
CVE
added 2020/07/01 3:15 p.m. | 44 views

CVE-2020-5899

In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the email address of...

CVSS 7.8 | AI score 7.5 | EPSS 0.00038
CVE
added 2020/07/01 3:15 p.m. | 43 views

CVE-2020-5901

In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system.

CVSS 9.6 | AI score 8.7 | EPSS 0.00883
CVE
added 2020/07/02 1:15 p.m. | 39 views

CVE-2020-5911

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL on Debian/Ubuntu systems.

CVSS 7.5 | AI score 7.2 | EPSS 0.00387
CVE
added 2020/07/02 1:15 p.m. | 38 views

CVE-2020-5909

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.

CVSS 5.8 | AI score 5.5 | EPSS 0.00117
CVE
added 2020/07/01 2:15 p.m. | 36 views

CVE-2020-5900

In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there are insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface.

CVSS 8.8 | AI score 8.8 | EPSS 0.00279