CVE-2020-5910

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
References
Link Resource
https://support.f5.com/csp/article/K59209532 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:f5:nginx_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_controller:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_controller:*:*:*:*:*:*:*:*

Information

Published : 2020-07-02 01:15

Updated : 2021-07-21 11:39


NVD link : CVE-2020-5910

Mitre link : CVE-2020-5910

Products Affected
No products.
CWE