PT-2022-3992 · Nginx · Nginx Ingress Controller

Published: 2022-08-04 · Updated: 2023-11-06 · CVE-2022-30535

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

NGINX Ingress Controller versions 1.x and earlier
NGINX Ingress Controller versions 2.x before 2.3.0

Description

The issue is related to insufficient input validation, allowing an authorized attacker to obtain secrets available to the NGINX Ingress Controller by creating or updating ingress objects. This can lead to the disclosure of protected information.

Recommendations

For versions 1.x, consider disabling the creation or update of ingress objects until a patch is available. For versions 2.x before 2.3.0, update to version 2.3.0 or later to resolve the issue. As a temporary workaround, restrict access to the NGINX Ingress Controller to minimize the risk of exploitation.

Fix

Information Disclosure

RCE

Weakness Enumeration

Related Identifiers

BDU:2022-04825
BIT-NGINX-INGRESS-CONTROLLER-2022-30535
CVE-2022-30535

Affected Products

Nginx Ingress Controller