
18 matches found

OSV
added 2026/02/02 9:5 p.m. · 2 views

GO-2026-4378 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper

Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper...

8.1 CVSS · 5.4 AI score · 0.00044 EPSS
Exploits 0 · References 5

RedhatCVE
added 2026/01/28 3:16 a.m. · 4 views

CVE-2026-24470

Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach...

8.1 CVSS · 5.9 AI score · 0.00044 EPSS
Exploits 0 · References 1

Github Security Blog
added 2026/01/26 11:26 p.m. · 4 views

Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName

Impact: When running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services. Patches: https://github.com/zalando/skipper/releases/tag/v0.24.0...

8.1 CVSS · 5.9 AI score · 0.00044 EPSS
Exploits 0 · References 6 · Affected Software 1

OSV
added 2026/01/26 11:26 p.m. · 1 views

GHSA-MXXC-P822-2HX9 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName

Impact: When running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services. Patches: https://github.com/zalando/skipper/releases/tag/v0.24.0...

8.1 CVSS · 5.9 AI score · 0.00044 EPSS
Exploits 0 · References 6

Snyk
added 2026/01/26 10:48 p.m. · 2 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview: Affected versions of this package are vulnerable to Unintended Proxy or Intermediary ('Confused Deputy') due to the unsafe usage of Kubernetes ExternalName type with Ingress controller. An attacker can gain unauthorized access to internal services, leveraging the controller's network...

8.6 CVSS · 5.9 AI score · 0.00044 EPSS
Exploits 0 · References 2

ATTACKERKB
added 2026/01/26 10:23 p.m. · 3 views

CVE-2026-24470

Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach...

8.1 CVSS · 5.9 AI score · 0.00044 EPSS
Exploits 0 · References 4 · Affected Software 1

Vulnrichment
added 2026/01/26 10:23 p.m. · 4 views

CVE-2026-24470 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName

Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach...

8.1 CVSS · 5.9 AI score · 0.00044 EPSS
Exploits 0 · References 3

Cvelist
added 2026/01/26 10:23 p.m. · 18 views

CVE-2026-24470 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName

Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach...

8.1 CVSS · 0.00044 EPSS
Exploits 0 · References 3

OSV
added 2026/01/26 10:23 p.m. · 3 views

CVE-2026-24470 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName

Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach...

8.1 CVSS · 5.9 AI score · 0.00044 EPSS
Exploits 0 · References 5

Positive Technologies
added 2026/01/26 12:0 a.m. · 2 views

PT-2026-4831

Name of the Vulnerable Software and Affected Versions: Skipper versions prior to 0.24.0 Description: Skipper is an HTTP router and reverse proxy for service composition. When operating as an Ingress controller, users with the ability to create Ingress resources and Services of type ExternalName can...

8.1 CVSS · 5.9 AI score · 0.00044 EPSS
Exploits 0 · References 16

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2021-1578

Malware in sbrugna...

8.5 CVSS · 8.2 AI score · 0.00265 EPSS
Exploits 0 · References 9

OSV
added 2024/08/21 4:3 p.m. · 7 views

GO-2022-0922 ExternalName Services can be used to gain access to Envoy's admin interface in github.com/projectcontour/contour

ExternalName Services can be used to gain access to Envoy's admin interface in github.com/projectcontour/contour...

8.5 CVSS · 8.5 AI score · 0.00265 EPSS
Exploits 0 · References 8

Veracode
added 2021/09/21 6:26 a.m. · 21 views

Cross-Site Request Forgery (CSRF)

github.com/kubernetes/kubernetes is vulnerable to cross-site request forgery. Backend IPs to ExternalName Services are exposed to ExternalName Services as it allows attackers to send network traffic to restricted locations...

3.1 CVSS · 4.6 AI score · 0.00519 EPSS
Exploits 0 · References 5 · Affected Software 1

OSV
added 2021/08/30 5:22 p.m. · 14 views

GHSA-5PH6-QQ5X-7JWC ExternalName Services can be used to gain access to Envoy's admin interface

Impact: Josh Ferrell (@josh-ferrell) from VMware has reported that a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy remotely (a denial of service), o...

8.5 CVSS · 8.4 AI score · 0.00265 EPSS
Exploits 0 · References 8

Github Security Blog
added 2021/08/30 5:22 p.m. · 77 views

ExternalName Services can be used to gain access to Envoy's admin interface

Impact: Josh Ferrell (@josh-ferrell) from VMware has reported that a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy remotely (a denial of service), o...

8.5 CVSS · 0.1 AI score · 0.00265 EPSS
Exploits 0 · References 9 · Affected Software 1

AlpineLinux
added 2021/07/23 9:50 p.m. · 2 views

CVE-2021-32783

Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy...

8.5 CVSS · 8.3 AI score · 0.00265 EPSS
Exploits 0 · References 3

CNNVD
added 2021/07/23 12:0 a.m. · 1 views

Contour security vulnerability

Contour is a Kubernetes entry controller that uses the Envoy proxy. A security vulnerability in versions of Contour prior to 1.17.1 allows an attacker to access the management interface of Envoy using a specially crafted ExternalName type service...

8.5 CVSS · 7.8 AI score · 0.00265 EPSS
Exploits 0 · References 5

Positive Technologies
added 2021/07/23 12:0 a.m. · 2 views

PT-2021-19929 · Contour +1

Name of the Vulnerable Software and Affected Versions: Contour versions prior to 1.17.1 Contour versions prior to 1.18.0 Description: A specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy containe...

8.5 CVSS · 7.1 AI score · 0.00265 EPSS
Exploits 0 · References 14