BIT-nginx-ingress-controller-2022-30535

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/nginx-ingress-controller/BIT-nginx-ingress-controller-2022-30535.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-nginx-ingress-controller-2022-30535

Aliases

CVE-2022-30535

Published

2023-11-06T08:57:20.681Z

Modified

2023-12-06T01:02:16.295972Z

Summary

[none]

Details

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Database specific

{
    "cpes": [
        "cpe:2.3:a:f5:nginx_ingress_controller:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://support.f5.com/csp/article/K52125139

Affected packages

Bitnami / nginx-ingress-controller

Package

Name: nginx-ingress-controller
Purl: pkg:bitnami/nginx-ingress-controller

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

1.0.0

Fixed

2.3.0