Byte Open Security

(ByteOS Network)


CVE-2021-23021
Assigner-F5, Inc.
CVSS Score-5.5 (MEDIUM)
EPSS-0.18% / 40.37%
7 Day CHG~0.00%
Published-01 Jun, 2021 | 12:23
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.

Action-Not Available
Vendor-n/a, F5, Inc.
Product-nginx_controller, Nginx Controller
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-23020
Assigner-F5, Inc.
CVSS Score-5.5 (MEDIUM)
EPSS-0.19% / 41.51%
7 Day CHG~0.00%
Published-01 Jun, 2021 | 12:14
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NAAS 3.x before 3.10.0 API keys were generated using an insecure pseudo-random string and hashing algorithm which could lead to predictable keys.

Action-Not Available
Vendor-n/a, F5, Inc.
Product-nginx_controller, Nginx Controller
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2021-23019
Assigner-F5, Inc.
CVSS Score-7.8 (HIGH)
EPSS-0.19% / 41.09%
7 Day CHG~0.00%
Published-01 Jun, 2021 | 12:03
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.

Action-Not Available
Vendor-n/a, F5, Inc.
Product-nginx_controller, Nginx Controller
CWE ID-CWE-201
Insertion of Sensitive Information Into Sent Data
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2021-23018
Assigner-F5, Inc.
CVSS Score-7.4 (HIGH)
EPSS-0.26% / 48.96%
7 Day CHG~0.00%
Published-01 Jun, 2021 | 11:51
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster.

Action-Not Available
Vendor-n/a, F5, Inc.
Product-nginx_controller, Nginx Controller
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information