CVE-2022-30535

State: PUBLISHED · Published: 2022-08-04 · Updated: 2024-09-16 · Assigner: f5

Description

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CWE

CWE-20 — CWE-20 Improper Input Validation

Affected

F5 / NGINX Ingress Controller — v=2.x <2.3.0 [affected]; v=1.0.0 <1.x* [affected]

CVSS

3.1 score=6.5 severity=MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References

https://support.f5.com/csp/article/K52125139 x_refsource_MISC

Source

cvelistV5-main/cves/2022/30xxx/CVE-2022-30535.json