CVE-2020-5864

Severity

7.4HIGH

EPSS

0.4%

top 37.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 23

Latest updateMay 24

Description

In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

▶CVEListV5nginx_controller< 3.2.0

▶NVDf5/nginx_controller3.0.0 — 3.3.0+2

GHSA

GHSA-gr6m-w52c-x634: In versions of NGINX Controller prior to 3↗2022-05-24

▶

CVEList

CVE-2020-5864: In versions of NGINX Controller prior to 3↗2020-04-23

▶

CVE-2020-5864: In versions of NGINX Controller prior to 3↗2020-04-23

▶