Description

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Related CPE's

a

f5

nginx_ingress_controller

Vulnerable

References

https://support.f5.com/csp/article/K52125139

Vendor Advisory

https://support.f5.com/csp/article/K52125139

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-20

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2022-08-04T16:15:09.423Z

3 years ago

Last modified

2024-11-21T06:02:53.850Z

1 year ago