CVE-2020-5864
published 2020-04-23CVE-2020-5864: In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.
high7.4CVSS 3.1
AVNACHPRNUINSUCHIHAN
In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | nginx_controller | < 3.2.0 | 3.2.0 |
| f5 | nginx_controller | — | — |
| f5 | nginx_controller | — | — |
| f5 | nginx_controller | 2.0.0 – 2.9.0 | — |
| f5 | nginx_controller | >= 3.0.0 < 3.3.0 | 3.3.0 |
| f5 | nginx_plus | — | — |