Home

CVE-2020-5867

Description

In versions prior to 3.3.0, the NGINX Controller Agent installer script install.sh uses HTTP instead of HTTPS to check and install packages

Risk Information

Base Score
8.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.149

Associated Vulnerability

VulnerabilityOS Platform
Cleartext Transmission of Sensitive Information Vulnerability (CVE-2020-5867)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234