PT-2020-18800 · Nginx · Nginx Controller

Published

2020-07-01

·

Updated

2020-07-09

·

CVE-2020-5900

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

NGINX Controller version 1.0.1
NGINX Controller versions 2.0.0 through 2.9.0
NGINX Controller versions 3.0.0 through 3.4.0
Description

The issue is caused by insufficient cross-site request forgery (CSRF) protections in the NGINX Controller user interface. In a CSRF attack, an attacker lures a user who is logged in to the application into opening a page or link that makes the user's browser send a state-changing request to the application; because the browser attaches the session cookie automatically, the application performs the action as that user. In this case a remote attacker who convinces an authenticated Controller user to visit a crafted page (user interaction is required, hence UI:R in the vector) can perform unauthorized actions in the Controller UI on that user's behalf.
Recommendations

Update NGINX Controller to a release that includes proper CSRF protections for the user interface; this applies equally to version 1.0.1, to versions 2.0.0 through 2.9.0, and to versions 3.0.0 through 3.4.0. Until the update can be applied, reduce the exposure of the UI with compensating controls: validate the Origin and Referer headers of state-changing requests (for example at a reverse proxy placed in front of the UI) and rely on per-session anti-CSRF tokens wherever the application supports them. Header validation alone is a stopgap, not a replacement for the vendor fix.
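The two mechanisms named in the recommendations, checking the browser-supplied Origin/Referer header and requiring a per-session anti-CSRF token, shown on a toy request handler next to the unprotected version that accepts a forged cross-site POST. This is an added example, not NGINX Controller code and not part of the advisory; the UI origin, the in-memory session and token stores, the request dictionaries and all function names are constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Origin of the management UI that may issue state-changing requests.
# Assumed value for this example.
TRUSTED_ORIGIN = "https://controller.example.internal"
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

# Constructed in-memory stores standing in for a real session backend.
SESSION_ID = "sess-7f3a"                 # cookie value of the logged-in admin
_sessions = {SESSION_ID: "admin"}        # session cookie -> user
_csrf_tokens = {}                        # session cookie -> anti-CSRF token


def issue_token(session_id):
    """Bind a fresh random token to the session (synchronizer token pattern).
    The UI embeds it in each form or sends it in an X-CSRF-Token header;
    a page on another site cannot read it because of the same-origin policy."""
    if session_id not in _csrf_tokens:
        _csrf_tokens[session_id] = secrets.token_urlsafe(32)
    return _csrf_tokens[session_id]


def origin_is_trusted(headers):
    """Check the browser-controlled Origin header (Referer as a fallback).
    Script on a third-party site cannot set either of these to our origin."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if not referer:
            return False                 # no provenance at all: reject
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == TRUSTED_ORIGIN


def token_is_valid(session_id, headers, form):
    """Constant-time comparison of the submitted token with the session's."""
    expected = _csrf_tokens.get(session_id)
    supplied = headers.get("X-CSRF-Token") or form.get("csrf_token")
    if expected is None or supplied is None:
        return False
    return hmac.compare_digest(expected, supplied)


def vulnerable_handler(request):
    """'Before': the only check is the session cookie, which the victim's
    browser attaches automatically to a cross-site form submission."""
    if request["cookies"].get("session") not in _sessions:
        return 401
    return 200                           # state-changing action performed


def hardened_handler(request):
    """'After': reads pass as before; every state-changing request must
    also originate from our UI and carry the per-session token."""
    session_id = request["cookies"].get("session")
    if session_id not in _sessions:
        return 401
    if request["method"] in SAFE_METHODS:
        return 200
    if not origin_is_trusted(request["headers"]):
        return 403
    if not token_is_valid(session_id, request["headers"], request["form"]):
        return 403
    return 200


# Constructed requests: what the server sees in each scenario.
TOKEN = issue_token(SESSION_ID)

LEGIT_REQUEST = {                        # the UI's own form submission
    "method": "POST",
    "cookies": {"session": SESSION_ID},
    "headers": {"Origin": TRUSTED_ORIGIN},
    "form": {"action": "add_user", "csrf_token": TOKEN},
}

FORGED_REQUEST = {                       # auto-submitted form on attacker.example
    "method": "POST",
    "cookies": {"session": SESSION_ID},  # browser adds the victim's cookie
    "headers": {"Origin": "https://attacker.example"},
    "form": {"action": "add_user"},      # attacker cannot obtain the token
}

if __name__ == "__main__":
    print("vulnerable, forged:", vulnerable_handler(FORGED_REQUEST))  # 200
    print("hardened, forged:  ", hardened_handler(FORGED_REQUEST))    # 403
    print("hardened, legit:   ", hardened_handler(LEGIT_REQUEST))     # 200
```

The origin check is what an operator can approximate at a reverse proxy in front of the UI; the token check has to live in the application, since only the UI can embed a secret the attacker's page cannot read. Both are applied only to non-safe methods so that ordinary page loads are unaffected.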

Fix

CSRF


Weakness Enumeration

Related Identifiers

CVE-2020-5900

Affected Products

Nginx Controller