Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Nginx_controller
(F5)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 18 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-06-01 | CVE-2021-23021 | The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644. | Nginx_controller | 5.5 | ||
2020-07-01 | CVE-2020-5901 | In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system. | Nginx_controller | N/A | ||
2020-07-01 | CVE-2020-5900 | In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface. | Nginx_controller | N/A | ||
2020-07-02 | CVE-2020-5911 | In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system. | Nginx_controller | N/A | ||
2020-07-02 | CVE-2020-5909 | In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified. | Nginx_controller | N/A | ||
2020-05-07 | CVE-2020-5894 | On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out. | Nginx_controller | N/A | ||
2020-04-23 | CVE-2020-5866 | In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments. | Nginx_controller | N/A | ||
2020-04-23 | CVE-2020-5864 | In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default. | Nginx_controller | N/A |