CVE-2022-30535: NGINX Ingress Controller vulnerability CVE-2022-30535
First published: Wed Aug 03 2022(Updated: )
In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 NGINX Ingress Controller | >=1.0.0<2.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-30535?
CVE-2022-30535 is a vulnerability that allows an attacker authorized to create or update ingress objects to obtain secrets available to the NGINX Ingress Controller in versions 2.x before 2.3.0 and all versions of 1.x.
How severe is CVE-2022-30535?
CVE-2022-30535 has a severity value of 6.5, which is considered medium.
Which software versions are affected by CVE-2022-30535?
Versions 2.x before 2.3.0 and all versions of 1.x of the NGINX Ingress Controller are affected by CVE-2022-30535.
How can an attacker exploit CVE-2022-30535?
An attacker authorized to create or update ingress objects can exploit CVE-2022-30535 to obtain the secrets available to the NGINX Ingress Controller.
Is there a fix available for CVE-2022-30535?
To fix CVE-2022-30535, it is recommended to update to version 2.3.0 or later of the NGINX Ingress Controller.
- agent/type
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/f5
- canonical/f5 nginx ingress controller
- version/f5 nginx ingress controller/1.0.0