Lucene search
HistoryAug 04, 2022 - 6:15 p.m.
CVE-2022-30535
nginx
ingress
unauthorized access
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
27.5%
In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected configurations
Node
f5nginx_ingress_controllerRange1.0.0–2.3.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| f5 | nginx_ingress_controller | * | cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:* |
References
Related
cve
cve
CVE-2022-30535
2022-08-04 18:15:09
cvelist
cvelist
CVE-2022-30535 NGINX Ingress Controller vulnerability CVE-2022-30535
2022-08-04 17:45:41
f5
f5
K52125139 : NGINX Ingress Controller vulnerability CVE-2022-30535
2022-08-03 00:00:00
K14649763 : Overview of F5 vulnerabilities (August 2022)
2022-08-03 00:00:00
cnvd
cnvd
F5 NGINX Ingress Controller Input Validation Error Vulnerability
2022-08-03 00:00:00
osv
osv
BIT-nginx-ingress-controller-2022-30535
2023-11-06 08:57:20
CVE-2022-30535
2022-08-04 18:15:09
prion
prion
Design/Logic Flaw
2022-08-04 18:15:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
0.001
Percentile
27.5%
Related for NVD:CVE-2022-30535