Vulnerability Description
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages
CVSS Score
8.1
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Nginx Controller | >= 2.0.0, <= 2.9.0 |
| Netapp | Cloud Backup | - |
Related Weaknesses (CWE)
References
- https://security.netapp.com/advisory/ntap-20200430-0005/Third Party Advisory
- https://support.f5.com/csp/article/K00958787Vendor Advisory
- https://security.netapp.com/advisory/ntap-20200430-0005/Third Party Advisory
- https://support.f5.com/csp/article/K00958787Vendor Advisory
FAQ
What is CVE-2020-5867?
CVE-2020-5867 is a vulnerability with a CVSS score of 8.1 (HIGH). In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages
How severe is CVE-2020-5867?
CVE-2020-5867 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-5867?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Nginx Controller, Netapp Cloud Backup.