CVE-2020-5910
EUVD-2020-2706402.07.2020, 13:15
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| f5 | nginx_controller | 2.0.0 ≤ 𝑥 ≤ 2.9.0 |
| f5 | nginx_controller | 3.0.0 ≤ 𝑥 ≤ 3.5.0 |
| f5 | nginx_controller | 1.0.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration