51 matches found
CVE-2025-15566
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
EUVD-2025-206889
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
CVE-2025-15566 ingress-nginx auth-proxy-set-headers nginx configuration injection
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
CVE-2025-15566
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
CVE-2025-15566 ingress-nginx auth-proxy-set-headers nginx configuration injection
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
CVE-2025-15566
CVE-2025-15566 affects ingress-nginx via the auth-proxy-set-headers annotation that can inject configuration into nginx, enabling arbitrary code execution in the ingress-nginx controller and disclosure of Secrets accessible cluster-wide. Connected sources confirm the vulnerability lies in the ann...
Kubernetes ingress-nginx 安全漏洞
Kubernetes ingress-nginx is a Kubernetes entry controller open source by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx. This vulnerability stems from the...
PT-2026-6670
Name of the Vulnerable Software and Affected Versions ingress-nginx affected versions not specified Description A security issue exists in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can result ...
acmer (>=0.0.1 <=0.0.16), auth-proxy (>=0.0.3 <=0.1.1) +413 more potentially affected by unknown CVE via aws-sdk-sso (>=0.10.1 <=0.9.0)
aws-sdk-sso CARGO version =0.10.1, =0.0.1, =0.0.3, =0.2.36, =0.0.18, =0.0.42, =0.0.14, =0.5.1, =0.0.1, =0.0.24, =0.0.1, =0.1.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.24.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
EUVD-2013-1195
Malware in sbrugna...
EUVD-2024-1599
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-35957
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server adm...
OESA-2025-1189 grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored...
OESA-2025-1187 grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored...
OESA-2025-1186 grafana security update
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored...
GO-2024-2847 Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana
Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
Grafana Escalation from admin to server admin when auth proxy is used
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: - Download Grafana 9.1.6 - Release not...
GHSA-FF5C-938W-8C9Q Grafana Escalation from admin to server admin when auth proxy is used
Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: - Download Grafana 9.1.6 - Release not...
grafana: Escalation from admin to server admin when auth proxy is used
A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username or email in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with thi...
SUSE CVE-2022-35957
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All...