CVE-2020-5866: Sensitive Information Exposure in F5 Nginx Controller

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 72.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 23
Latest update: May 24

Description

In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: f5/nginx_controller < 3.3.0
NVD: f5/nginx_controller 3.0.0 3.3.0 +2

Vulnerability Details (2)

GHSA: GHSA-28pm-98wm-6937: In versions of NGINX Controller prior to 3 (2022-05-24)
CVEList: CVE-2020-5866: In versions of NGINX Controller prior to 3 (2020-04-23)

Vendor Advisories (1)

F5: CVE-2020-5866: In versions of NGINX Controller prior to 3 (2020-04-23)