CVE-2022-30535

MEDIUM

F5 NGINX Ingress Controller 1.x and 2.x < 2.3.0 - Authenticated Secret Exposure via Ingress Object Manipulation

Title source: llm

Description

In versions 2.x before 2.3.0 and all versions of 1.x, an attacker authorized to create or update Ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References (1)

Core References
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K52125139

Scores

CVSS v3 6.5
EPSS 0.0067
EPSS Percentile 71.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-20
Status published
Products (1)
f5/nginx_ingress_controller 1.0.0 - 2.3.0
Published Aug 04, 2022
Tracked Since Feb 18, 2026