CVE-2020-5900

Published: Jul 1, 2020Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface.

Affected (3)

Products: F5: Nginx Controller

1 product

Nginx Controller

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
F5 Nginx Controller	From 2.0.0 to 2.9.0
F5 Nginx Controller	From 3.0.0 to 3.4.0
F5 Nginx Controller	Version 1.0.1

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://support.f5.com/csp/article/K31044532

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K31044532

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.