Lucene search
F5CVELIST:CVE-2022-30535HistoryAug 04, 2022 - 5:45 p.m.
CVE-2022-30535 NGINX Ingress Controller vulnerability CVE-2022-30535
2022-08-0417:45:41
CWE-20
f5
www.cve.org
6
cve-2022-30535
nginx ingress controller
version 2.3.0
version 1.x
authorized attacker
secrets access
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
27.5%
In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CNA Affected
[
{
"product": "NGINX Ingress Controller",
"vendor": "F5",
"versions": [
{
"lessThan": "2.3.0",
"status": "affected",
"version": "2.x",
"versionType": "custom"
},
{
"lessThan": "1.x*",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
]References
Related
cve
cve
CVE-2022-30535
2022-08-04 18:15:09
f5
f5
K52125139 : NGINX Ingress Controller vulnerability CVE-2022-30535
2022-08-03 00:00:00
K14649763 : Overview of F5 vulnerabilities (August 2022)
2022-08-03 00:00:00
cnvd
cnvd
F5 NGINX Ingress Controller Input Validation Error Vulnerability
2022-08-03 00:00:00
osv
osv
BIT-nginx-ingress-controller-2022-30535
2023-11-06 08:57:20
CVE-2022-30535
2022-08-04 18:15:09
nvd
nvd
CVE-2022-30535
2022-08-04 18:15:09
prion
prion
Design/Logic Flaw
2022-08-04 18:15:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
27.5%
Related for CVELIST:CVE-2022-30535