Description

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Related CPE's

a

f5

nginx_ingress_controller

Vulnerable

References

https://support.f5.com/csp/article/K52125139

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-20

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-08-04T18:15:09.423

2 years ago

Last modified

2022-08-10T15:35:54.290

2 years ago