Insecure Intra-Cluster Communication in NGINX Controller 3.x before 3.4.0

Insecure Intra-Cluster Communication in NGINX Controller 3.x before 3.4.0

CVE-2021-23018 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Intra-cluster communication does not use TLS. The services within the NGINX Controller 3.x before 3.4.0 namespace are using cleartext protocols inside the cluster.

Learn more about our Cis Benchmark Audit For Nginx.