CVE-2021-23055

CWE-732Incorrect Permission Assignment4 documents4 sources
Severity
6.5MEDIUM
EPSS
0.2%
top 60.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
F5 Nginx Ingress Controller
Timeline
PublishedApr 21
Latest updateApr 22

Description

On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDf5/nginx_ingress_controller1.0.01.12.3+1
CVEListV5nginx_ingress_controller2.x before 2.0.3 and 1.x before 1.12.3

🔴Vulnerability Details

2
GHSA
GHSA-38cm-wqx5-m22m: On version 22022-04-22
CVEList
CVE-2021-23055: On version 22022-04-21

📋Vendor Advisories

1
F5
CVE-2021-23055: On version 22022-04-21
CVE-2021-23055 (MEDIUM CVSS 6.5) | On version 2.x before 2.0.3 and 1.x | cvebase.io