CVE-2021-23019

HIGH

NGINX Controller <3.15.0 - Info Disclosure

Title source: llm

Description

The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.

References (1)

[Vendor Advisory] https://support.f5.com/csp/article/K04884013

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 19.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-201 CWE-522

Status published

Affected Products (1)

f5/nginx_controller < 2.9.0

Timeline

Published Jun 01, 2021

Tracked Since Feb 18, 2026