4 matches found
K01051452: NGINX Ingress Controller vulnerability CVE-2021-23055
Security Advisory Description The command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. CVE-2021-23055 Impact An attacker with privileges to deploy Ingress resources can inject configuration snippets that may allow them to gain access ...
SUSE CVE-2021-23055
On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2021-23055
creationtimestamp| type| source ---|---|--- 2022-04-21 22:27:00+00:00| seen| https://t.me/cibsecurity/41246...
CVE-2021-23055
CVE-2021-23055 affects NGINX Ingress Controller: versions 2.x before 2.0.3 and 1.x before 1.12.3 allow Ingress resources to bypass the -enable-snippets restriction, enabling snippet injections via ingress service account. Impact reported as potential access to secrets; attacker must have Privileg...