CVE-2022-23008

CVE-2022-23008

Vendor N/A
Product NGINX Controller API Management
Weakness CWE-94 · Code injection
Published January 25, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Key dates

02Disclosure timeline

January 25, 2022 CVE published
August 3, 2024 Record updated