cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2022-30535,https://securityvulnerability.io/vulnerability/CVE-2022-30535,NGINX Ingress Controller vulnerability CVE-2022-30535,"In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",F5,Nginx Ingress Controller,6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-08-04T18:15:00.000Z,0
CVE-2021-23055,https://securityvulnerability.io/vulnerability/CVE-2021-23055,Command Line Restriction Vulnerability in NGINX Ingress Controller by F5 Networks,"A command line restriction vulnerability exists in the NGINX Ingress Controller, affecting versions 1.x prior to 1.12.3 and 2.x prior to 2.0.3. This flaw allows the command line restriction for snippet usage to be bypassed when applied to Ingress objects, potentially exposing the system to unauthorized commands and execution. Software versions that have reached End of Technical Support (EoTS) are not evaluated for this vulnerability.",F5,Nginx Ingress Controller,6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2022-04-21T18:14:01.000Z,0
CVE-2022-23008,https://securityvulnerability.io/vulnerability/CVE-2022-23008,JavaScript Injection Vulnerability in NGINX Controller API Management by F5,"On certain versions of NGINX Controller API Management, an authenticated attacker with user or admin privileges can exploit undisclosed API endpoints to inject malicious JavaScript code. This code is executed on associated NGINX data plane instances, leading to potential compromise of sensitive data and disruption of services. It is important to note that versions which have reached End of Technical Support (EoTS) are not evaluated for this vulnerability.",F5,Nginx Controller Api Management,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-01-25T19:11:19.000Z,0
CVE-2021-23021,https://securityvulnerability.io/vulnerability/CVE-2021-23021,World Readable Configuration File in Nginx Controller 3.x by F5 Networks,"The Nginx Controller 3.x, prior to version 3.7.0, has a vulnerability where the agent configuration file located at /etc/controller-agent/agent.conf is accessible to all users due to its file permissions being set to 644. This exposure could allow unauthorized access to sensitive configuration information, potentially leading to further exploitation within the system.",F5,Nginx Controller,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-06-01T12:23:35.000Z,0
CVE-2021-23020,https://securityvulnerability.io/vulnerability/CVE-2021-23020,Insecure API Key Generation in NAAS 3.x by F5 Networks,"The NAAS 3.x versions prior to 3.10.0 exhibit a vulnerability where API keys are generated using an insecure pseudo-random string and hashing algorithm. This flaw could lead to predictable keys, potentially allowing unauthorized access and compromising the integrity of applications relying on these API keys.",F5,Nginx Controller,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-06-01T12:14:39.000Z,0
CVE-2021-23019,https://securityvulnerability.io/vulnerability/CVE-2021-23019,Exposed Administrator Password in NGINX Controller by F5 Networks,"The NGINX Controller versions 2.0.0 through 2.9.0 and 3.x earlier than 3.15.0 may inadvertently expose the administrator password in the systemd.txt file. This file is included within the NGINX support package, posing a potential risk of unauthorized access if it is not adequately secured. It is crucial for administrators to ensure that sensitive information is managed and configured properly to mitigate this risk.",F5,Nginx Controller,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-06-01T12:03:42.000Z,0
CVE-2021-23018,https://securityvulnerability.io/vulnerability/CVE-2021-23018,Insecure Intra-cluster Communication in NGINX Controller Software by F5 Networks,"The NGINX Controller versions prior to 3.4.0 have a vulnerability that arises from intra-cluster communication being conducted without TLS encryption. This results in the potential exposure of sensitive data transmitted within the cluster, as it operates using unprotected cleartext protocols. Organizations using affected versions are advised to upgrade to mitigate security vulnerabilities associated with unencrypted communication.",F5,Nginx Controller,7.4,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2021-06-01T11:51:20.000Z,0
CVE-2020-27730,https://securityvulnerability.io/vulnerability/CVE-2020-27730,NGINX Controller Agent Vulnerability Affecting F5 Networks,"The NGINX Controller Agent versions 3.0.0 to 3.9.0, 2.0.0 to 2.9.0, and 1.0.1 contain a vulnerability due to the usage of relative paths when invoking system utilities. This can lead to security risks where unauthorized users might exploit this behavior to execute commands or scripts, potentially compromising system integrity. It is crucial for users to update to secured versions to mitigate these risks.",F5,Nginx Controller,9.8,CRITICAL,0.0033100000582635403,false,,false,false,false,,,false,false,,2020-12-11T19:03:21.000Z,0
CVE-2020-5909,https://securityvulnerability.io/vulnerability/CVE-2020-5909,NGINX Controller TLS Certificate Verification Issues by F5 Networks,"In specific versions of NGINX Controller, there is a vulnerability that allows users to execute commands through the user interface to fetch an agent installer without proper verification of the server's TLS certificate. This issue may lead to potential security risks as it exposes systems to man-in-the-middle attacks and other security threats, allowing attackers to intercept communication if the certificate is not verified correctly. Organizations using affected versions should take immediate steps to update their systems and ensure secure configurations.",F5,Nginx Controller,5.4,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2020-07-02T12:26:39.000Z,0
CVE-2020-5910,https://securityvulnerability.io/vulnerability/CVE-2020-5910,Authentication Bypass Vulnerability in NGINX Controller's Messaging Service,"The Neural Autonomic Transport System (NATS) messaging service in NGINX Controller versions 1.0.1, 2.0.0-2.9.0, and 3.0.0-3.5.0 lacks adequate authentication mechanisms, allowing unauthorized users to establish connections. This loophole can be exploited by attackers to gain access to sensitive data and perform unauthorized actions without proper credentials, raising significant concerns regarding the overall security of systems leveraging this product.",F5,Nginx Controller,7.5,HIGH,0.0016799999866634607,false,,false,false,false,,,false,false,,2020-07-02T12:25:11.000Z,0
CVE-2020-5911,https://securityvulnerability.io/vulnerability/CVE-2020-5911,NGINX Controller Vulnerability in Kubernetes Package Installer on Debian/Ubuntu,"The NGINX Controller installer for specific versions incorrectly downloads Kubernetes packages from an unsecured HTTP URL when deployed on Debian or Ubuntu systems. This oversight could expose users to potential malicious interceptions or alterations during the download process, resulting in compromised deployments.",F5,Nginx Controller,7.3,HIGH,0.0009200000204145908,false,,false,false,false,,,false,false,,2020-07-02T12:23:40.000Z,0
CVE-2020-5901,https://securityvulnerability.io/vulnerability/CVE-2020-5901,Reflected Cross Site Scripting Vulnerability in NGINX Controller by F5 Networks,"In specific versions of NGINX Controller, potentially exposed API endpoints could be exploited to carry out a reflected Cross Site Scripting (XSS) attack. If an admin user accesses the maliciously crafted content, this vulnerability could lead to a total compromise of the affected system, exposing sensitive information and granting unauthorized control.",F5,Nginx Controller,9.6,CRITICAL,0.0019499999471008778,false,,false,false,false,,,false,false,,2020-07-01T14:03:33.000Z,0
CVE-2020-5899,https://securityvulnerability.io/vulnerability/CVE-2020-5899,Password Recovery Code Exposure in NGINX Controller by F5 Networks,"In specific versions of NGINX Controller (3.0.0 to 3.4.0), a security flaw allows the recovery code needed for password resets to be stored in plain text in the database. This vulnerability can be exploited by an attacker with access to the database, enabling them to initiate password resets for other users by intercepting the recovery code associated with their email addresses. Unauthorized access to the database can lead to severe data breaches and compromise user accounts.",F5,Nginx Controller,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-07-01T14:01:58.000Z,0
CVE-2020-5900,https://securityvulnerability.io/vulnerability/CVE-2020-5900,Insufficient CSRF Protections in NGINX Controller by F5 Networks,"The NGINX Controller from F5 Networks, in specific versions, lacks adequate protections against Cross-Site Request Forgery. This vulnerability arises from insufficient safeguards within the user interface, potentially allowing unauthenticated users to perform actions on behalf of authenticated users without their consent. Organizations using affected versions should ensure they implement additional security measures to mitigate the risks associated with this vulnerability.",F5,Nginx Controller,8.8,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2020-07-01T13:59:42.000Z,0
CVE-2020-5895,https://securityvulnerability.io/vulnerability/CVE-2020-5895,Local System Vulnerability in NGINX Controller by F5 Networks,"The NGINX Controller, specifically in versions 3.1.0 to 3.3.0, contains a vulnerability due to AVRD using inadequate permissions on its socket. This flaw exposes the socket to world-readable and world-writable access, enabling malicious processes or users on the local system to inject arbitrary data. Such an attack can lead to instability in the AVRD, causing segmentation faults and potential disruption of services.",F5,Nginx Controller,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-05-07T12:28:24.000Z,0
CVE-2020-5894,https://securityvulnerability.io/vulnerability/CVE-2020-5894,Session Management Flaw in NGINX Controller Webserver by F5,"The NGINX Controller webserver versions 3.0.0 to 3.3.0 has a session management flaw that fails to invalidate the server-side session token after a user logs out. This oversight could allow unauthorized access to user sessions, potentially exposing sensitive information or allowing unauthorized actions within the system. Proper session handling is crucial in safeguarding user data and maintaining the integrity of web applications. Organizations utilizing these affected versions should take immediate actions to mitigate this vulnerability, including upgrading to the latest version where this issue is resolved.",F5,Nginx Controller,8.1,HIGH,0.001509999972768128,false,,false,false,false,,,false,false,,2020-05-07T12:25:56.000Z,0
CVE-2020-5867,https://securityvulnerability.io/vulnerability/CVE-2020-5867,NGINX Controller Agent Installer Script Vulnerability in F5 Networks,"The NGINX Controller Agent installer script, 'install.sh', prior to version 3.3.0 utilizes HTTP instead of HTTPS for package checking and installation. This oversight allows potential attackers to intercept and manipulate the installation process, leading to security risks such as data integrity issues and unauthorized access to system resources. Users are encouraged to upgrade to the latest version to mitigate this vulnerability and ensure secure package management.",F5,Nginx Controller,8.1,HIGH,0.0023499999660998583,false,,false,false,false,,,false,false,,2020-04-23T19:58:59.000Z,0
CVE-2020-5866,https://securityvulnerability.io/vulnerability/CVE-2020-5866,Command-Line Argument Vulnerability in NGINX Controller by F5 Networks,"In NGINX Controller prior to version 3.3.0, a security issue exists due to the helper.sh script utilizing sensitive data as command-line arguments. This could potentially expose sensitive information to unauthorized parties, making it crucial for users to upgrade to the latest version to mitigate risks.",F5,Nginx Controller,5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-04-23T18:37:50.000Z,0
CVE-2020-5864,https://securityvulnerability.io/vulnerability/CVE-2020-5864,TLS Verification Bypass in NGINX Controller by F5 Networks,"In NGINX Controller versions prior to 3.2.0, a configuration flaw allows communication between the NGINX Controller and NGINX Plus instances to bypass TLS verification by default. This oversight could potentially expose sensitive data during the transmission process, leaving it vulnerable to interception by malicious actors. Users and organizations should update their NGINX Controller to the latest version to ensure secure configuration and safeguard communications against unauthorized access.",F5,Nginx Controller,7.4,HIGH,0.0017800000496208668,false,,false,false,false,,,false,false,,2020-04-23T18:32:40.000Z,0
CVE-2020-5865,https://securityvulnerability.io/vulnerability/CVE-2020-5865,Unencrypted Communication Vulnerability in NGINX Controller by F5 Networks,"The NGINX Controller, prior to version 3.3.0, has a configuration flaw that allows communication with its Postgres database server over unencrypted channels. This exposes sensitive data to potential interception through man-in-the-middle (MiTM) attacks, increasing the risk of unauthorized access and data breaches.",F5,Nginx Controller,4.8,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2020-04-23T18:16:00.000Z,0
CVE-2020-5863,https://securityvulnerability.io/vulnerability/CVE-2020-5863,Unauthorized User Account Creation in NGINX Controller by Vendor F5 Networks,"In NGINX Controller versions prior to 3.2.0, a vulnerability exists that allows unauthenticated attackers with network access to the Controller API to create unprivileged user accounts. These accounts only have the ability to upload a new license to the system, with no permissions to view or modify other components, potentially compromising the system's integrity by introducing unauthorized entities.",F5,Nginx Controller,8.6,HIGH,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-03-27T14:35:31.000Z,0