CVE-2020-5910

Summary

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.

Affected Software

VendorProductVersion RangeStatus
n/aNGINX Controller3.0.0-3.5.0, 2.0.0-2.9.0, 1.0.1affected

Weaknesses

  • data leakage

ADP Enrichment

CVE Program Container

Additional References

References