nginx-defender is a high-performance, enterprise-grade Web Application Firewall (WAF) and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml contain default credentials (default_password: "change_me_please", GF_SECURITY_ADMIN_PASSWORD=admin123). If users deploy nginx-defender without changing these defaults, attackers with network access could gain administrative control, bypassing security protections. The issue is addressed in v1.5.0 and later.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/Anipaleja/nginx-defender(Go) | 0 | 1.5.0 | N/A |
CVSS Metrics
