Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
NGINX Controller 安全漏洞
Vulnerability Description
NGINX是美国NGINX公司的一款轻量级Web服务器/反向代理服务器及电子邮件(IMAP/POP3)代理服务器。 NGINX Controller 3.2.0之前版本中存在安全漏洞,该漏洞源于Controller API没有进行正确的访问控制。攻击者可借助特制请求利用该漏洞创建非权限用户帐户并将新许可证上载到系统(不能查看或修改系统的任何其他组件)。
CVSS Information
N/A
Vulnerability Type
N/A