CVE-2020-5867
published 2020-04-23CVE-2020-5867: In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages
high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | nginx_controller | < 3.3.0 | 3.3.0 |
| f5 | nginx_controller | — | — |
| f5 | nginx_controller | — | — |
| f5 | nginx_controller | 2.0.0 – 2.9.0 | — |
| f5 | nginx_controller | >= 3.0.0 < 3.3.0 | 3.3.0 |