Nginx Controller Security Vulnerabilities and Issues — Nginx Controller CVE List

Lucene search

F5Nginx Controller

5 matches found

CVE•added 2021/06/01 1:15 p.m.•50 views

CVE-2021-23021

The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.

5.5CVSS6AI score0.00184EPSS

CVE•added 2021/06/01 1:15 p.m.•47 views

CVE-2021-23020

The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.

5.5CVSS6AI score0.00194EPSS

CVE•added 2020/04/23 7:15 p.m.•39 views

CVE-2020-5865

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.

5.8CVSS5AI score0.00119EPSS

CVE•added 2020/07/02 1:15 p.m.•38 views

CVE-2020-5909

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.

5.8CVSS5.5AI score0.00117EPSS

CVE•added 2020/04/23 7:15 p.m.•32 views

CVE-2020-5866

In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.

5.5CVSS5.4AI score0.001EPSS