F5: >> Nginx Controller >> 3.3.0 Security Vulnerabilities
In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface.
CVSS Score
8.8
EPSS Score
0.003
Published
2020-07-01
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.
CVSS Score
8.1
EPSS Score
0.004
Published
2020-05-07
On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and world-writable permissions on its socket, which allows processes or users on the local system to write arbitrary data into the socket. A local system attacker can make AVRD segmentation fault (SIGSEGV) by writing malformed messages to the socket.
CVSS Score
7.8
EPSS Score
0.001
Published
2020-05-07
Page 2