Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Vulnerabilities for
'Nginx controller'
2020-12-11
CVE-2020-27730
CWE-22
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.
2020-07-02
CVE-2020-5911
NVD-CWE-noinfo
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.
CVE-2020-5909
CWE-295
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
2020-07-01
CVE-2020-5900
CWE-352
In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface.
2020-05-07
CVE-2020-5895
NVD-CWE-noinfo
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writing malformed messages to the socket.
CVE-2020-5894
CWE-384
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.
2020-04-23
CVE-2020-5867
CWE-20
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages
CVE-2020-5866
CWE-200
In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.
CVE-2020-5865
CWE-200
In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.
CVE-2020-5864
CWE-295
In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.
Copyright
2024
, cxsecurity.com
Back to Top
Vulnerabilities for 'Nginx controller' 