CVE-2022-30535

Description

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Related CPE's

References

https://support.f5.com/csp/article/K52125139

CvssV3 impact

CvssV2 impact