CVE-2020-5894
published 2020-05-07CVE-2020-5894: On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.
high8.1CVSS 3.1
AVNACLPRNUIRSUCHIHAN
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | nginx_controller | < 3.4.0 | 3.4.0 |
| f5 | nginx_controller | — | — |
| f5 | nginx_controller | 3.0.0 – 3.3.0 | — |