141 matches found
K01051452: NGINX Ingress Controller vulnerability CVE-2021-23055
Security Advisory Description The command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. CVE-2021-23055 Impact An attacker with privileges to deploy Ingress resources can inject configuration snippets that may allow them to gain access ...
K52125139: NGINX Ingress Controller vulnerability CVE-2022-30535
Security Advisory Description An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. CVE-2022-30535 Impact This vulnerability may allow an authenticated attacker with network access to NGINX Ingress Controller ingress objects t...
Security Bulletin: A vulnerability in nginx may affect IBM Robotic Process Automation for Cloud Pak resulting in a denial of service (CVE-2022-41741, CVE-2022-41742)
Summary There is a vulnerability in nginx used by IBM Robotic Process Automation for Cloud Pak as part of the container ingress controller that may result in a denial of service. This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details...
Wallarm at API World and KubeCon 2022 this week
This is a busy week for the whole Wallarm team as we are sponsoring two big conferences at the very same time. API World 2022 Wallarm will be at API World in San Jose starting today. Stop by booth 209 to chat with our apisecurity experts about everything APIs, and check out a demo of Wallarm WAAP...
The vulnerability of the ngx_http_hls_module module in the NGINX Application Monitoring and Management Platform Ingress Controller allows a attacker to cause service interruptions or potentially exert other effects.
The vulnerability of the ngxhttphlsmodule module in the NGINX Application Monitoring and Management Controller platform relates to operations that occur outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to cause service failures or potentially have other adver...
The vulnerability of the ngx_http_mp4_module in NGINX Open Source HTTP servers allows attackers to expose sensitive information or cause service failures. NGINX Open Source Subscription, NGINX Plus, and NGINX Ingress Controller platforms for application monitoring and management provide solutions to address this issue.
The vulnerability of the ngxhttpmp4module in NGINX Open Source HTTP servers, NGINX Open Source Subscription, NGINX Plus, and NGINX Ingress Controller platforms is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow attackers to disclose...
The vulnerability of the NGINX Ingress Controller’s monitoring and application management platform lies in insufficient validation of input data, allowing attackers to disclose sensitive information.
The vulnerability of the NGINX Ingress Controller monitoring and management platform is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information...
CVE-2022-30535
In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2022-30535
CVE-2022-30535: summary Ingress Controller for NGINX (NGINX Ingress Controller) versions 2.x before 2.3.0 and all 1.x are affected. The issue allows an attacker who can create or update ingress objects to access secrets stored by the NGINX Ingress Controller, constituting a control-plane data dis...
CVE-2022-30535 NGINX Ingress Controller vulnerability CVE-2022-30535
In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
PT-2022-3992 · Nginx · Nginx Ingress Controller
Name of the Vulnerable Software and Affected Versions: NGINX Ingress Controller versions 1.x and earlier NGINX Ingress Controller versions 2.x before 2.3.0 Description: The issue is related to insufficient input validation, allowing an authorized attacker to obtain secrets available to the NGINX...
F5 BIG-IP 输入验证错误漏洞
NGINX Ingress Controller is an application from F5 that works with NGINX and NGINX Plus and supports the standard ingress features - content-based routing and TLS / SSL offload. Ingress objects can be exploited by an attacker to obtain all available secret objects in the NGINX Ingress Controller...
F5 NGINX Ingress Controller Input Validation Error Vulnerability
NGINX Ingress Controller is an application from F5 that works with NGINX and NGINX Plus and supports the standard ingress features - content-based routing and TLS / SSL offload. Ingress objects can be exploited by an attacker to obtain all available secret objects in the NGINX Ingress Controller...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes Ingress Controller security vulnerability (CVE-2021-25748)
Summary IBM Cloud Kubernetes Service is affected by a Kubernetes Ingress Controller security vulnerability where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules.http.paths.path field of an Ingress object in the...
The vulnerability of the command-line processor of the NGINX Ingress Controller, which allows a hacker to disclose protected information.
The vulnerability of the command-line processor of the NGINX Ingress Controller monitoring and application management platform is related to insufficient checks for granting permissions to critical resources. Exploiting this vulnerability could allow a malicious actor to disclose sensitive...
CVE-2021-23055
On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2021-23055
On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
Code injection
On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2021-23055
On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2021-23055
CVE-2021-23055 affects NGINX Ingress Controller: versions 2.x before 2.0.3 and 1.x before 1.12.3 allow Ingress resources to bypass the -enable-snippets restriction, enabling snippet injections via ingress service account. Impact reported as potential access to secrets; attacker must have Privileg...