CVE-2020-5894
First published: Thu May 07 2020(Updated: )
On versions 3.0.0-3.3.0, the NGINX Controller webserver does not invalidate the server-side session token after users log out.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 Nginx Controller | >=3.0.0<=3.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2020-5894.
What is the severity level of CVE-2020-5894?
CVE-2020-5894 has a severity level of 8.1 (high).
Which software versions are affected by CVE-2020-5894?
Versions 3.0.0-3.3.0 of the NGINX Controller webserver are affected by CVE-2020-5894.
What is the impact of CVE-2020-5894?
CVE-2020-5894 allows an attacker to potentially retain unauthorized access to a user's account even after logging out from the NGINX Controller webserver.
Is there a fix available for CVE-2020-5894?
Yes, a fix for CVE-2020-5894 is available. Please refer to the vendor's advisory for detailed instructions on how to apply the fix.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/f5
- canonical/f5 nginx controller
- version/f5 nginx controller/3.0.0
- version/f5 nginx controller/3.3.0