Nginx Controller Security Vulnerabilities and Issues — Nginx Controller CVE List

Lucene search

F5Nginx Controller

4 matches found

CVE•added 2020/03/27 3:15 p.m.•149 views

CVE-2020-5863

In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.

8.6CVSS8.6AI score0.01111EPSS

CVE•added 2020/04/23 8:15 p.m.•49 views

CVE-2020-5867

In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages

8.1CVSS8AI score0.00149EPSS

CVE•added 2020/05/07 1:15 p.m.•47 views

CVE-2020-5894

On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.

8.1CVSS8AI score0.00419EPSS

CVE•added 2020/07/01 2:15 p.m.•36 views

CVE-2020-5900

In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface.

8.8CVSS8.8AI score0.00279EPSS