CVE-2021-23019

CWE-201CWE-522Insufficiently Protected Credentials4 documents4 sources
Severity
7.8HIGH
EPSS
0.1%
top 80.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
F5 Nginx Controller
Timeline
PublishedJun 1
Latest updateMay 24

Description

The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDf5/nginx_controller3.0.03.15.0+1
CVEListV5nginx_controller“2.0.0 thru 2.9.0” and “3.x before 3.15.0”

🔴Vulnerability Details

2
GHSA
GHSA-r42j-8h58-j557: The NGINX Controller 22022-05-24
CVEList
CVE-2021-23019: The NGINX Controller 22021-06-01

📋Vendor Advisories

1
F5
CVE-2021-23019: The NGINX Controller 22021-06-01
CVE-2021-23019 (HIGH CVSS 7.8) | The NGINX Controller 2.0.0 thru 2.9 | cvebase.io