CVE-2020-5865

4.8MEDIUM

Key Information:

Vendor: F5
Status: Nginx Controller
Vendor: CVE Published:; 23 April 2020

Summary

In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks.

Affected Version(s)

NGINX Controller < 3.3.0

References

https://support.f5.com/csp/article/K21009022

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20200430-0005/

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 23, 2020
Vulnerability Reserved
Jan 6, 2020