Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-30535

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published

2022-08-04T18:15:09.423

Last Modified

2024-11-21T07:02:53.850

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	f5	nginx_ingress_controller	< 2.3.0	Yes

References

https://support.f5.com/csp/article/K52125139 Vendor Advisory ([email protected])
https://support.f5.com/csp/article/K52125139 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)