Privilege escalation on Nginx Controller 3.1.x


A critical vulnerability has been identified in Nginx Controller up to 3.1.x (web server), affecting an unknown code block of the Controller API component.


Posted on 2020-02-30 by Peter Bassill in category News.






Manipulation with an unknown input leads to privilege escalation, classified under CWE-269.


Released on the 27th of March 2020, this vulnerability has been designated CVE-2020-5863 and it requires no authentication to be exploited.


Whilst no technical details are publicly available, if you would like help with this vulnerability and management of vulnerabilities in general, please feel free to contact us at any time.


Upgrading to version 3.2.0 will eliminate this vulnerability.


Hedgehog Security is a full-service Cyber Security consultancy. We are available at all times for all your Penetration Testing requirements. Hedgehog Security is here to help.


