CVE-2020-5894

CWE-3844 documents4 sources

Severity

8.1HIGH

EPSS

0.4%

top 38.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMay 7

Latest updateMay 24

Description

On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

▶CVEListV5nginx_controller< 3.4.0

▶NVDf5/nginx_controller3.0.0 — 3.3.0

GHSA

GHSA-q676-x7h7-vq4f: On versions 3↗2022-05-24

▶

CVEList

CVE-2020-5894: On versions 3↗2020-05-07

▶

CVE-2020-5894: On versions 3↗2020-05-07

▶