What is CVE-2022-30535?

CVE-2022-30535 is a medium-severity vulnerability in F5 Nginx Ingress Controller, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2022-08-04.

How severe is CVE-2022-30535?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Improper input validation in F5 Nginx Ingress Controller

CVE-2022-30535

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.006 (43.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

F5 Nginx Ingress Controller — versions 2.x, 1.0.0
F5 Nginx_ingress_controller

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

f5sirt@f5.com (x_refsource_MISC, Vendor Advisory)

Frequently asked questions

What is CVE-2022-30535?: CVE-2022-30535 is a medium-severity vulnerability in F5 Nginx Ingress Controller, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2022-08-04.
How severe is CVE-2022-30535?: Medium severity. CVSS v3 base score is 6.5 out of 10.