K94093538 : NGINX Service Mesh control plane vulnerability CVE-2022-27495

2022-05-0400:00:00

my.f5.com

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.4%

JSON

Security Advisory Description

NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. (CVE-2022-27495)

Impact

An attacker may affect traffic policies, security policies, and other reverse proxy capabilities of NGINX Service Mesh if they’ve gained access to a Kubernetes cluster. Configuration and management endpoints are authenticated and authorized from external networks using Kubernetes authentication and Role-based Access Control (RBAC) policies. However, if an attacker can gain access to the internal overlay network, authentication and authorization policies can be bypassed; leaving NGINX Service Mesh exposed to unauthorized manipulation.

CPENameOperatorVersion
f5 ssl orchestratoreq14.1.0
f5 ssl orchestratoreq14.1.2
f5 ssl orchestratoreq14.1.4
f5 ssl orchestratoreq15.1.0
f5 ssl orchestratoreq15.1.1
f5 ssl orchestratoreq16.1.0
f5 ssl orchestratoreq16.1.1
f5 ssl orchestratoreq17.0.0
big-ip afmeq11.6.1
big-ip afmeq11.6.2

Name	Operator	Version
f5 ssl orchestrator	eq	14.1.0
f5 ssl orchestrator	eq	14.1.2
f5 ssl orchestrator	eq	14.1.4
f5 ssl orchestrator	eq	15.1.0
f5 ssl orchestrator	eq	15.1.1
f5 ssl orchestrator	eq	16.1.0
f5 ssl orchestrator	eq	16.1.1
f5 ssl orchestrator	eq	17.0.0
big-ip afm	eq	11.6.1
big-ip afm	eq	11.6.2

Rows per page:

1-10 of 3301