CVE-2022-30535Improper Input Validation in F5 Nginx Ingress Controller

CWE-20Improper Input Validation4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 32.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
F5 Nginx Ingress Controller
Timeline
PublishedAug 4
Latest updateAug 5

Description

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5f5/nginx_ingress_controller2.x2.3.0+1
NVDf5/nginx_ingress_controller1.0.02.3.0

🔴Vulnerability Details

2
GHSA
GHSA-cmrv-mf45-jw6v: In versions 22022-08-05
CVEList
NGINX Ingress Controller vulnerability CVE-2022-305352022-08-04

📋Vendor Advisories

1
F5
CVE-2022-30535: In versions 22022-08-04
CVE-2022-30535 — Improper Input Validation in F5 | cvebase