CVE-2022-30535
MEDIUMF5 NGINX Ingress Controller 1.x and 2.x < 2.3.0 - Authenticated Secret Exposure via Ingress Object Manipulation
Title source: llmDescription
In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K52125139
Scores
CVSS v3
6.5
EPSS
0.0067
EPSS Percentile
71.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-20
Status
published
Products (1)
f5/nginx_ingress_controller
1.0.0 - 2.3.0
Published
Aug 04, 2022
Tracked Since
Feb 18, 2026