CVE-2021-23019
01.06.2021, 13:15
The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.Enginsight
| Vendor | Product | Version |
|---|---|---|
| f5 | nginx_controller | 2.0.0 ≤ 𝑥 ≤ 2.9.0 |
| f5 | nginx_controller | 3.0.0 ≤ 𝑥 < 3.15.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-201 - Insertion of Sensitive Information Into Sent DataThe code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
- CWE-522 - Insufficiently Protected CredentialsThe product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.