CVE-2022-23008
Last modified
CVE-2022-23008 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.. EPSS estimates a 0.55% chance of exploitation in the next 30 days.
Description
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| F5 | Nginx Controller Api Management | >= 3.18.0, < 3.19.1 |
References
- https://support.f5.com/csp/article/K57735782Vendor Advisory
- https://support.f5.com/csp/article/K57735782Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-23008?
How severe is CVE-2022-23008?
How do I fix CVE-2022-23008?
Are you affected by CVE-2022-23008?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST