Description
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages
Scores
CVSS v3
8.1
EPSS
0.0015
EPSS Percentile
35.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-319
CWE-494
Status
published
Products (3)
f5/nginx_controller
1.0.1
f5/nginx_controller
2.0.0 - 2.9.0
netapp/cloud_backup
Published
Apr 23, 2020
Tracked Since
Feb 18, 2026