CVE-2021-23019
First published: Tue Jun 01 2021(Updated: )
The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 NGINX Controller API Management | >=2.0.0<=2.9.0 | |
| F5 NGINX Controller API Management | >=3.0.0<3.15.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-23019?
CVE-2021-23019 has a medium severity rating due to the potential exposure of sensitive administrator credentials.
How do I fix CVE-2021-23019?
To mitigate CVE-2021-23019, upgrade NGINX Controller to version 3.15.0 or later.
Who is affected by CVE-2021-23019?
CVE-2021-23019 affects users running NGINX Controller versions 2.0.0 through 2.9.0 and any 3.x versions before 3.15.0.
What data is exposed in CVE-2021-23019?
CVE-2021-23019 may expose the administrator password in the systemd.txt file included in the support package.
Is there a workaround for CVE-2021-23019?
There is no specific workaround for CVE-2021-23019; upgrading to the latest version is recommended.
- agent/weakness
- agent/first-publish-date
- agent/last-modified-date
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- vendor/f5
- canonical/f5 nginx controller api management
- version/f5 nginx controller api management/2.0.0
- version/f5 nginx controller api management/2.9.0
- version/f5 nginx controller api management/3.0.0