Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Nginx_controller
(F5)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-06-01 | CVE-2021-23018 | Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster. | Nginx_controller | 7.4 | ||
| 2021-06-01 | CVE-2021-23020 | The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys. | Nginx_controller | 5.5 | ||
| 2021-06-01 | CVE-2021-23021 | The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644. | Nginx_controller | 5.5 | ||
| 2020-07-01 | CVE-2020-5901 | In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system. | Nginx_controller | N/A | ||
| 2020-07-01 | CVE-2020-5900 | In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface. | Nginx_controller | N/A | ||
| 2020-07-02 | CVE-2020-5911 | In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system. | Nginx_controller | N/A | ||
| 2020-07-02 | CVE-2020-5909 | In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified. | Nginx_controller | N/A | ||
| 2020-05-07 | CVE-2020-5894 | On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out. | Nginx_controller | N/A | ||
| 2020-04-23 | CVE-2020-5866 | In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments. | Nginx_controller | N/A | ||
| 2020-04-23 | CVE-2020-5864 | In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default. | Nginx_controller | N/A |