F5: >> Nginx Instance Manager >> 2.13.1 Security Vulnerabilities
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they can force the session to associate it with the attacker-controlled account, leading to potential misuse of the victim's session.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-11-06
NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.
CVSS Score
4.9
EPSS Score
0.002
Published
2024-08-22