Lucene search

GoogleOSV:BIT-NGINX-INGRESS-CONTROLLER-2021-23055

HistoryNov 06, 2023 - 8:57 a.m.

BIT-nginx-ingress-controller-2021-23055

2023-11-0608:57:29

Google

osv.dev

version control

command line restriction

software vulnerability

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.6%

JSON

On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CPENameOperatorVersion
nginx-ingress-controllerge2.0.0
nginx-ingress-controllerge1.0.0
nginx-ingress-controllerlt2.0.3
nginx-ingress-controllerlt1.12.3

Name	Operator	Version
nginx-ingress-controller	ge	2.0.0
nginx-ingress-controller	ge	1.0.0
nginx-ingress-controller	lt	2.0.3
nginx-ingress-controller	lt	1.12.3

References

support.f5.com/csp/article/K01051452

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.6%

JSON

Related for OSV:BIT-NGINX-INGRESS-CONTROLLER-2021-23055