CVE-2022-30535

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published: Aug 4, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-30535
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
f5 / nginx_ingress_controller	1.0.0	2.3.0

https://support.f5.com/csp/article/K52125139

Vulnerability Database

289,571

CVE-2022-30535