Описание
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.
Ссылки
- Third Party Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.0.0 (включая) до 2.9.0 (включая)Версия от 3.0.0 (включая) до 3.2.0 (исключая)
Одно из
cpe:2.3:a:f5:nginx_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:f5:nginx_controller:1.0.1:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01111
Низкий
8.6 High
CVSS3
7.5 High
CVSS2
Дефекты
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 8.6
github
больше 3 лет назад
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.
EPSS
Процентиль: 78%
0.01111
Низкий
8.6 High
CVSS3
7.5 High
CVSS2
Дефекты
NVD-CWE-noinfo