CVE-2020-5894

Summary

On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.

Affected Software

VendorProductVersion RangeStatus
n/aNGINX Controller< 3.4.0affected

Weaknesses

  • Session Hijacking

ADP Enrichment

CVE Program Container

Additional References

References