CVE-2021-23021
First published: Tue Jun 01 2021(Updated: )
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf is world readable with current permission bits set to 644.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 Nginx Controller | >=3.0.0<3.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-23021?
CVE-2021-23021 is classified as a medium severity vulnerability due to the exposure of sensitive configuration data.
How do I fix CVE-2021-23021?
To fix CVE-2021-23021, change the permissions of the agent configuration file to restrict access, setting it to 600.
What are the potential risks of CVE-2021-23021?
The potential risks include unauthorized access to sensitive configuration information which could lead to further exploitation.
Which versions are affected by CVE-2021-23021?
CVE-2021-23021 affects Nginx Controller versions from 3.0.0 to 3.6.0.
Is there a patch available for CVE-2021-23021?
Yes, upgrading to Nginx Controller version 3.7.0 or later resolves the vulnerability.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/description
- agent/tags
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- vendor/f5
- canonical/f5 nginx controller
- version/f5 nginx controller/3.0.0