Lucene search
K

51 matches found

NVD
NVD
added 2026/02/06 4:15 a.m.13 views

CVE-2025-15566

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

8.8CVSS0.00469EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/06 3:13 a.m.4 views

EUVD-2025-206889

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

8.8CVSS6.3AI score0.00469EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/06 3:13 a.m.2 views

CVE-2025-15566 ingress-nginx auth-proxy-set-headers nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

8.8CVSS6.3AI score0.00469EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/06 3:13 a.m.5 views

CVE-2025-15566

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

8.8CVSS6.3AI score0.00469EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/06 3:13 a.m.32 views

CVE-2025-15566 ingress-nginx auth-proxy-set-headers nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

8.8CVSS0.00469EPSS
Exploits0References1
CVE
CVE
added 2026/02/06 3:13 a.m.23 views

CVE-2025-15566

CVE-2025-15566 affects ingress-nginx via the auth-proxy-set-headers annotation that can inject configuration into nginx, enabling arbitrary code execution in the ingress-nginx controller and disclosure of Secrets accessible cluster-wide. Connected sources confirm the vulnerability lies in the ann...

8.8CVSS6.3AI score0.00469EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.7 views

Kubernetes ingress-nginx 安全漏洞

Kubernetes ingress-nginx is a Kubernetes entry controller open source by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx. This vulnerability stems from the...

8.8CVSS6.3AI score0.00469EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.6 views

PT-2026-6670

Name of the Vulnerable Software and Affected Versions ingress-nginx affected versions not specified Description A security issue exists in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can result ...

8.8CVSS6.2AI score0.00469EPSS
Exploits0References13
vulnersOsv
vulnersOsv
added 2026/01/08 9:46 p.m.3 views

acmer (>=0.0.1 <=0.0.16), auth-proxy (>=0.0.3 <=0.1.1) +413 more potentially affected by unknown CVE via aws-sdk-sso (>=0.10.1 <=0.9.0)

aws-sdk-sso CARGO version =0.10.1, =0.0.1, =0.0.3, =0.2.36, =0.0.18, =0.0.42, =0.0.14, =0.5.1, =0.0.1, =0.0.24, =0.0.1, =0.1.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.24.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...

5.5AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2013-1195

Malware in sbrugna...

7.8CVSS6.3AI score0.01259EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-1599

Malicious code in bioql PyPI...

6.6CVSS7.9AI score0.01302EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2022-35957

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server adm...

6.6CVSS7.4AI score0.01302EPSS
Exploits0References3
OSV
OSV
added 2025/02/28 3:32 p.m.4 views

OESA-2025-1189 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored...

8.7CVSS6.7AI score0.68603EPSS
Exploits0References10
OSV
OSV
added 2025/02/28 3:32 p.m.2 views

OESA-2025-1187 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored...

8.7CVSS6.7AI score0.68603EPSS
Exploits0References10
OSV
OSV
added 2025/02/28 3:32 p.m.6 views

OESA-2025-1186 grafana security update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB OpenTSDB. Security Fixes: Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored...

8.7CVSS6.7AI score0.68603EPSS
Exploits0References10
OSV
OSV
added 2024/06/05 3:10 p.m.23 views

GO-2024-2847 Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana

Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

6.6CVSS6.7AI score0.01302EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/05/14 10:25 p.m.33 views

Grafana Escalation from admin to server admin when auth proxy is used

Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: - Download Grafana 9.1.6 - Release not...

6.6CVSS7.1AI score0.01302EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/05/14 10:25 p.m.40 views

GHSA-FF5C-938W-8C9Q Grafana Escalation from admin to server admin when auth proxy is used

Today we are releasing Grafana 9.1.6, 9.0.9, 8.5.13. This patch release includes a Moderate severity security fix for CVE-2022-35957 that affects Grafana instances which are using Grafana Auth Proxy. Release 9.1.6, latest patch, also containing security fix: - Download Grafana 9.1.6 - Release not...

7.5CVSS7.2AI score0.01302EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/05/09 9:50 a.m.2 views

grafana: Escalation from admin to server admin when auth proxy is used

A flaw was found in the grafana package. Auth proxy allows authentication of a user by only providing the username or email in an X-WEBAUTH-USER HTTP header. The trust assumption is that a front proxy will take care of authentication and that the Grafana server is only publicly reachable with thi...

6.6CVSS7.3AI score0.01302EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:24 a.m.3 views

SUSE CVE-2022-35957

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All...

6.6CVSS9.7AI score0.01302EPSS
Exploits0References14
Rows per page
Query Builder