Lucene search
+L

141 matches found

F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.133 views

K01051452: NGINX Ingress Controller vulnerability CVE-2021-23055

Security Advisory Description The command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. CVE-2021-23055 Impact An attacker with privileges to deploy Ingress resources can inject configuration snippets that may allow them to gain access ...

6.5CVSS6.8AI score0.00739EPSS
Exploits0Affected Software1
F5 Networks
F5 Networks
added 2023/02/21 7:56 p.m.62 views

K52125139: NGINX Ingress Controller vulnerability CVE-2022-30535

Security Advisory Description An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. CVE-2022-30535 Impact This vulnerability may allow an authenticated attacker with network access to NGINX Ingress Controller ingress objects t...

6.5CVSS6.3AI score0.00607EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/04 7:55 p.m.94 views

Security Bulletin: A vulnerability in nginx may affect IBM Robotic Process Automation for Cloud Pak resulting in a denial of service (CVE-2022-41741, CVE-2022-41742)

Summary There is a vulnerability in nginx used by IBM Robotic Process Automation for Cloud Pak as part of the container ingress controller that may result in a denial of service. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details...

7.8CVSS7AI score0.01069EPSS
Exploits2Affected Software1
Wallarm Lab
Wallarm Lab
added 2022/10/26 3:39 p.m.29 views

Wallarm at API World and KubeCon 2022 this week

This is a busy week for the whole Wallarm team as we are sponsoring two big conferences at the very same time. API World 2022 Wallarm will be at API World in San Jose starting today. Stop by booth 209 to chat with our apisecurity experts about everything APIs, and check out a demo of Wallarm WAAP...

1.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2022/10/24 12:0 a.m.8 views

The vulnerability of the ngx_http_hls_module module in the NGINX Application Monitoring and Management Platform Ingress Controller allows a attacker to cause service interruptions or potentially exert other effects.

The vulnerability of the ngxhttphlsmodule module in the NGINX Application Monitoring and Management Controller platform relates to operations that occur outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to cause service failures or potentially have other adver...

7CVSS7.4AI score0.00214EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/10/24 12:0 a.m.9 views

The vulnerability of the ngx_http_mp4_module in NGINX Open Source HTTP servers allows attackers to expose sensitive information or cause service failures. NGINX Open Source Subscription, NGINX Plus, and NGINX Ingress Controller platforms for application monitoring and management provide solutions to address this issue.

The vulnerability of the ngxhttpmp4module in NGINX Open Source HTTP servers, NGINX Open Source Subscription, NGINX Plus, and NGINX Ingress Controller platforms is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow attackers to disclose...

7.1CVSS7.6AI score0.01069EPSS
Exploits2References4Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/08/08 12:0 a.m.9 views

The vulnerability of the NGINX Ingress Controller’s monitoring and application management platform lies in insufficient validation of input data, allowing attackers to disclose sensitive information.

The vulnerability of the NGINX Ingress Controller monitoring and management platform is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...

6.8CVSS6.6AI score0.00607EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/08/04 6:15 p.m.18 views

CVE-2022-30535

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.5CVSS6.9AI score
Exploits0References1
CVE
CVE
added 2022/08/04 5:45 p.m.105 views

CVE-2022-30535

CVE-2022-30535: summary Ingress Controller for NGINX (NGINX Ingress Controller) versions 2.x before 2.3.0 and all 1.x are affected. The issue allows an attacker who can create or update ingress objects to access secrets stored by the NGINX Ingress Controller, constituting a control-plane data dis...

6.5CVSS6.7AI score0.00607EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/04 5:45 p.m.36 views

CVE-2022-30535 NGINX Ingress Controller vulnerability CVE-2022-30535

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.5CVSS6.7AI score0.00607EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/08/04 12:0 a.m.21 views

PT-2022-3992 · Nginx · Nginx Ingress Controller

Name of the Vulnerable Software and Affected Versions: NGINX Ingress Controller versions 1.x and earlier NGINX Ingress Controller versions 2.x before 2.3.0 Description: The issue is related to insufficient input validation, allowing an authorized attacker to obtain secrets available to the NGINX...

6.8CVSS6.2AI score0.00607EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/08/03 12:0 a.m.21 views

F5 BIG-IP 输入验证错误漏洞

NGINX Ingress Controller is an application from F5 that works with NGINX and NGINX Plus and supports the standard ingress features - content-based routing and TLS / SSL offload. Ingress objects can be exploited by an attacker to obtain all available secret objects in the NGINX Ingress Controller...

6.5CVSS5.7AI score0.00607EPSS
Exploits0References3
CNVD
CNVD
added 2022/08/03 12:0 a.m.39 views

F5 NGINX Ingress Controller Input Validation Error Vulnerability

NGINX Ingress Controller is an application from F5 that works with NGINX and NGINX Plus and supports the standard ingress features - content-based routing and TLS / SSL offload. Ingress objects can be exploited by an attacker to obtain all available secret objects in the NGINX Ingress Controller...

6.5CVSS2.3AI score0.00607EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/06/21 3:32 p.m.25 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes Ingress Controller security vulnerability (CVE-2021-25748)

Summary IBM Cloud Kubernetes Service is affected by a Kubernetes Ingress Controller security vulnerability where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules.http.paths.path field of an Ingress object in the...

7.6CVSS6.2AI score0.00694EPSS
Exploits0Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/05/17 12:0 a.m.8 views

The vulnerability of the command-line processor of the NGINX Ingress Controller, which allows a hacker to disclose protected information.

The vulnerability of the command-line processor of the NGINX Ingress Controller monitoring and application management platform is related to insufficient checks for granting permissions to critical resources. Exploiting this vulnerability could allow a malicious actor to disclose sensitive...

6.8CVSS6.6AI score0.00739EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/04/21 7:15 p.m.26 views

CVE-2021-23055

On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.5CVSS0.00739EPSS
Exploits0References1
OSV
OSV
added 2022/04/21 7:15 p.m.23 views

CVE-2021-23055

On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.5CVSS7AI score
Exploits0References1
Prion
Prion
added 2022/04/21 7:15 p.m.20 views

Code injection

On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

4CVSS6.6AI score0.00739EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/04/21 6:14 p.m.32 views

CVE-2021-23055

On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.8AI score0.00739EPSS
Exploits0References1
CVE
CVE
added 2022/04/21 6:14 p.m.110 views

CVE-2021-23055

CVE-2021-23055 affects NGINX Ingress Controller: versions 2.x before 2.0.3 and 1.x before 1.12.3 allow Ingress resources to bypass the -enable-snippets restriction, enabling snippet injections via ingress service account. Impact reported as potential access to secrets; attacker must have Privileg...

6.5CVSS6.5AI score0.00739EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder