Server TLS Certificate Verification Bypass Vulnerability

Server TLS Certificate Verification Bypass Vulnerability

CVE-2020-5909 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.

Learn more about our Cis Benchmark Audit For Nginx.