CVE-2022-30535

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-30535

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-30535.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-30535

Aliases

BIT-nginx-ingress-controller-2022-30535

Published

2022-08-04T18:15:09Z

Modified

2025-01-14T10:57:47.517036Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

References

https://support.f5.com/csp/article/K52125139

Affected packages

Git / github.com/nginxinc/kubernetes-ingress

Affected ranges

Type: GIT
Repo: https://github.com/nginxinc/kubernetes-ingress
Events: Introduced

90b8f75bd7ec7a40e5988e16d70cd4648b6edabb

Fixed

979db22d8065b22fedb410c9b9c5875cf0a6dc66

Affected versions

v1.*

v1.0.0

v1.1.0

v1.1.1

v1.11.0

v1.11.1

v1.12.0

v1.2.0

v1.3.0

v1.9.0-nsmready

v2.*

v2.0.0

v2.0.1

v2.0.2

v2.0.3

v2.1.0

v2.1.1

v2.1.2

v2.2.0

v2.2.1

v2.2.2