Nginx Controller Security Vulnerabilities and Issues — Nginx Controller CVE List

Lucene search

F5Nginx Controller

4 matches found

CVE•added 2021/06/01 12:15 p.m.•54 views

CVE-2021-23018

Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster.

7.4CVSS7.4AI score0.00258EPSS

CVE•added 2021/06/01 1:15 p.m.•51 views

CVE-2021-23019

The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.

7.8CVSS7.7AI score0.0019EPSS

CVE•added 2021/06/01 1:15 p.m.•50 views

CVE-2021-23021

The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.

5.5CVSS6AI score0.00184EPSS

CVE•added 2021/06/01 1:15 p.m.•47 views

CVE-2021-23020

The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.

5.5CVSS6AI score0.00194EPSS