Vulnerabilities > F5 > Nginx Ingress Controller > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-11-06 CVE-2024-10318 Session Fixation vulnerability in F5 products
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time.
network
low complexity
f5 CWE-384
5.4
2022-08-04 CVE-2022-30535 Unspecified vulnerability in F5 Nginx Ingress Controller
In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller.
network
low complexity
f5
6.5
2022-04-21 CVE-2021-23055 Unspecified vulnerability in F5 Nginx Ingress Controller
On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects.
network
low complexity
f5
6.5