CVE-2020-5894

Name of the Vulnerable Software and Affected Versions NGINX Controller versions 3.0.0 through 3.3.0

Description The issue concerns the NGINX Controller webserver, where it fails to invalidate the server-side session token after users log out. This problem can potentially lead to unauthorized access.

Recommendations For versions 3.0.0 through 3.3.0, consider implementing a workaround to manually invalidate session tokens upon user logout until a proper fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.