PT-2020-18766 · Nginx+1 · Nginx Controller+1

Published

2020-04-23

Updated

2022-04-26

CVE-2020-5865

CVSS v2.0

5.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions NGINX Controller versions prior to 3.3.0

Description The issue concerns the NGINX Controller communicating with its Postgres database server over unencrypted channels, making the data vulnerable to interception via man-in-the-middle (MiTM) attacks.

Recommendations For versions prior to 3.3.0, update to version 3.3.0 or later to resolve the issue. As a temporary workaround, consider configuring the NGINX Controller to use encrypted communication channels with its Postgres database server. Restrict access to the database server to minimize the risk of exploitation.

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

CVE-2020-5865

Affected Products

Nginx Controller

Postgres

PT-2020-18766 · Nginx+1 · Nginx Controller+1

CVE-2020-5865

Weakness Enumeration

Related Identifiers

Affected Products

References · 6