CVE-2020-27730Path Traversal in F5 Nginx Controller

CWE-22Path Traversal4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
1.5%
top 19.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
F5 Nginx Controller
Timeline
PublishedDec 11
Latest updateMay 24

Description

In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDf5/nginx_controller3.0.03.10.0+2
CVEListV5f5/nginx_controller3.0.0-3.9.0, 2.0.0-2.9.0, 1.0.1

🔴Vulnerability Details

2
GHSA
GHSA-x57f-j62c-638w: In versions 32022-05-24
CVEList
CVE-2020-27730: In versions 32020-12-11

📋Vendor Advisories

1
F5
CVE-2020-27730: In versions 32020-12-11
CVE-2020-27730 — Path Traversal in F5 Nginx Controller | cvebase