Severity: 4.8 MEDIUM
EPSS: 0.1% (top 69.17%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 23
Latest update: May 24

Description

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 2.2 | Impact: 2.5

Affected Packages (2 packages)

CVEListV5: nginx_controller < 3.3.0
NVD: f5/nginx_controller 3.0.0 3.3.0 +2

🔴 Vulnerability Details (2)

GHSA: GHSA-83x8-frp9-8943: In versions prior to 3 | 2022-05-24
CVEList: CVE-2020-5865: In versions prior to 3 | 2020-04-23

📋 Vendor Advisories (1)

F5: CVE-2020-5865: In versions prior to 3 | 2020-04-23
CVE-2020-5865 (MEDIUM CVSS 4.8) | In versions prior to 3.3.0 | cvebase.io