Authentication Bypass Vulnerability in NGINX Controller's Messaging Service
CVE-2020-5910
7.5HIGH
What is CVE-2020-5910?
The Neural Autonomic Transport System (NATS) messaging service in NGINX Controller versions 1.0.1, 2.0.0-2.9.0, and 3.0.0-3.5.0 lacks adequate authentication mechanisms, allowing unauthorized users to establish connections. This loophole can be exploited by attackers to gain access to sensitive data and perform unauthorized actions without proper credentials, raising significant concerns regarding the overall security of systems leveraging this product.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
NGINX Controller 3.0.0-3.5.0, 2.0.0-2.9.0, 1.0.1
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved