127 matches found
Insertion of Sensitive Information Into Sent Data
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation There is no fixed version for...
GO-2026-5010 Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller
Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...
Insertion of Sensitive Information Into Sent Data
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation Upgrade...
PT-2026-42386
Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller...
GHSA-M23H-6MWM-39M8 Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation
Summary A vulnerability in the Kong Ingress Controller (KIC) allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode where the GatewayClass lacks an unmanaged annotation, the Gateway TLS translator skips critical status...
GHSA-3278-C88V-XRH4 Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint
Summary A vulnerability in the Kong Ingress Controller (KIC) allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...
Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint
Summary A vulnerability in the Kong Ingress Controller (KIC) allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...
PT-2026-42362
Summary A vulnerability in the Kong Ingress Controller (KIC) allows for the unauthorized exposure of sensitive plugin credentials through the diagnostics interface. Even when configured to redact sensitive information using --dump-sensitive-config=false, KIC fails to sanitize the Plugins field in...
ingress-nginx Configuration Injection
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...
Contour Code Injection Vulnerability
Contour is an open-source Kubernetes ingress controller that uses Envoy proxies. Versions of Contour from v1.19.0 to v1.33.4, v1.32.5 before v1.32.5, and v1.31.6 before v1.31.6 had a code injection vulnerability. This vulnerability stemmed from the Cookie rewriting feature, which was vulnerable t...
GHSA-CFP9-33RC-J74F vulnerabilities
Vulnerabilities for packages: docker-cli, snyk-cli, gatekeeper, secrets-store-csi-driver-provider-azure, renovate, influx, net-kourier, mage, cloud-provider-aws, external-secrets-operator, nri-mssql, azurefile-csi, nri-f5, nats-top, hey, tkn, kube-arangodb, xcover, tigera-operator, atlantis,...
CVE-2026-27143 vulnerabilities
Vulnerabilities for packages: docker-cli, snyk-cli, gatekeeper, secrets-store-csi-driver-provider-azure, renovate, influx, net-kourier, mage, cloud-provider-aws, external-secrets-operator, nri-mssql, azurefile-csi, nri-f5, nats-top, hey, tkn, kube-arangodb, xcover, tigera-operator, atlantis,...
CVE-2026-27144 vulnerabilities
Vulnerabilities for packages: docker-cli, snyk-cli, gatekeeper, secrets-store-csi-driver-provider-azure, renovate, influx, net-kourier, mage, cloud-provider-aws, external-secrets-operator, nri-mssql, azurefile-csi, nri-f5, nats-top, hey, tkn, kube-arangodb, xcover, tigera-operator, atlantis,...
GHSA-CQRX-3M42-5P5W vulnerabilities
Vulnerabilities for packages: docker-cli, snyk-cli, gatekeeper, secrets-store-csi-driver-provider-azure, renovate, influx, net-kourier, mage, cloud-provider-aws, external-secrets-operator, nri-mssql, azurefile-csi, nri-f5, nats-top, hey, tkn, kube-arangodb, xcover, tigera-operator, atlantis,...
GHSA-CFP9-33RC-J74F vulnerabilities
Vulnerabilities for packages: dataplaneapi-fips, tigera-operator-fips, mage, container-object-storage-interface, renovate, istio-fips, cloudbeat-fips, hey, kubernetes-csi-node-driver-registrar-fips, harbor, rancher-agent, spilo, knative-eventing, cluster-api-fips, harbor-fips, zabbix-agent2-fips,...
GHSA-CQRX-3M42-5P5W vulnerabilities
Vulnerabilities for packages: dataplaneapi-fips, tigera-operator-fips, mage, container-object-storage-interface, renovate, istio-fips, cloudbeat-fips, hey, kubernetes-csi-node-driver-registrar-fips, harbor, rancher-agent, spilo, knative-eventing, cluster-api-fips, harbor-fips, zabbix-agent2-fips,...
CVE-2026-27144 vulnerabilities
Vulnerabilities for packages: dataplaneapi-fips, tigera-operator-fips, mage, container-object-storage-interface, renovate, istio-fips, cloudbeat-fips, hey, kubernetes-csi-node-driver-registrar-fips, harbor, rancher-agent, spilo, knative-eventing, cluster-api-fips, harbor-fips, zabbix-agent2-fips,...
CVE-2026-27143 vulnerabilities
Vulnerabilities for packages: dataplaneapi-fips, tigera-operator-fips, mage, container-object-storage-interface, renovate, istio-fips, cloudbeat-fips, hey, kubernetes-csi-node-driver-registrar-fips, harbor, rancher-agent, spilo, knative-eventing, cluster-api-fips, harbor-fips, zabbix-agent2-fips,...
ingress-nginx comment-based nginx configuration injection
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...
GHSA-F53H-MXV9-CP98 ingress-nginx comment-based nginx configuration injection
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...