CVE-2022-23008

Published: 25 Jan 2022
Source: nvd
CVSS3: 5.4
CVSS2: 5.5
EPSS: Low

Description

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Vulnerable configurations

Configuration 1
cpe:2.3:a:f5:nginx_controller_api_management:*:*:*:*:*:*:*:*
Versions from 3.18.0 (inclusive) up to 3.19.1 (exclusive)

EPSS

Percentile: 61%
0.00411
Low

5.4 Medium

CVSS3

5.5 Medium

CVSS2

Weaknesses

CWE-94
CWE-79

Related vulnerabilities

CVSS3: 5.4
github
about 4 years ago

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
