Vulnerability Details CVE-2022-27495
On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.8%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 3.3
References
Products affected by CVE-2022-27495
-
cpe:2.3:a:f5:nginx_service_mesh:1.3.0
-
cpe:2.3:a:f5:nginx_service_mesh:1.3.1