Insecure HTTP Download of Kubernetes Packages in NGINX Controller Installer

Insecure HTTP Download of Kubernetes Packages in NGINX Controller Installer

CVE-2020-5911 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.

Learn more about our Cis Benchmark Audit For Debian Linux.