Lucene search
K

140 matches found

Snyk
Snyk
added 2025/03/24 11:43 p.m.5 views

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the Validating Admission Controller feature. An attacker with access to the pod network can execute code, which allows them to access stored secrets. By default, the controller can access al...

9.8CVSS7.4AI score0.99098EPSS
Exploits20References2
Snyk
Snyk
added 2025/03/24 11:43 p.m.4 views

Improper Isolation or Compartmentalization

Overview Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the Validating Admission Controller feature. An attacker with access to the pod network can execute code, which allows them to access stored secrets. By default, the controller can access al...

9.8CVSS7.4AI score0.99098EPSS
Exploits20References2
OSV
OSV
added 2025/03/24 11:29 p.m.5 views

CVE-2025-1097 ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

8.8CVSS7.2AI score0.34677EPSS
Exploits7References6
Microsoft CVE
Microsoft CVE
added 2025/03/24 7:0 a.m.30 views

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller

Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service AKS is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...

9.8CVSS7.5AI score0.99098EPSS
Exploits21
Microsoft CVE
Microsoft CVE
added 2025/03/24 7:0 a.m.20 views

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller

Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service AKS is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...

9.8CVSS7.5AI score0.99098EPSS
Exploits21
Microsoft CVE
Microsoft CVE
added 2025/03/24 7:0 a.m.64 views

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller

Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service AKS is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...

9.8CVSS7.5AI score0.99098EPSS
Exploits21
Microsoft CVE
Microsoft CVE
added 2025/03/24 7:0 a.m.33 views

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller

Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service AKS is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...

9.8CVSS7.5AI score0.99098EPSS
Exploits21
Microsoft CVE
Microsoft CVE
added 2025/03/24 7:0 a.m.26 views

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller

Ingress Controllers play a critical role within Kubernetes clusters by enabling the functionality of Ingress resources. Azure Kubernetes Service AKS is aware of several security vulnerabilities affecting the Kubernetes ingress-nginx controller, including CVE-2025-1098, CVE-2025-1974, CVE-2025-109...

9.8CVSS7.5AI score0.99098EPSS
Exploits21
CNNVD
CNNVD
added 2025/03/24 12:0 a.m.6 views

Kubernetes ingress-nginx 输入验证错误漏洞

Ingress NGINX Controller is an open source portal controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that stems from the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary...

8.8CVSS8.1AI score0.83066EPSS
Exploits7References2
RedhatCVE
RedhatCVE
added 2025/02/05 2:49 p.m.15 views

CVE-2020-15127

In Contour Ingress controller for Kubernetes before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdown procedure. The shutdown procedure includes...

7.5CVSS6.8AI score0.01375EPSS
Exploits0References4
Hacker One
Hacker One
added 2024/09/05 3:29 p.m.16 views

Kubernetes: Injection in path parameter of Ingress-nginx

A vulnerability was discovered in the Ingress-nginx controller where an attacker could inject arbitrary content into the path parameter of an Ingress. This allowed the attacker to upload a malicious nginx configuration file to the ingress controller's file system and then include that file in a...

7.6CVSS6.1AI score0.00694EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/08/19 12:0 a.m.11 views

The vulnerability of the Ingress controller in the Kubernetes cluster ingress-nginx, related to errors in processing Ingress object annotations, allows a hacker to increase their privileges.

The vulnerability of the ingress controller in the Kubernetes cluster ingress-nginx is related to errors in processing Ingress object annotations. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

9CVSS7.9AI score0.27018EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2024/03/06 10:51 a.m.32 views

BIT-CONTOUR-2021-32783 Authorization bypass in Contour

Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy...

8.5CVSS8.3AI score0.01151EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/10 9:46 a.m.58 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2023-5043, CVE-2023-5044, CVE-2022-4886)

Summary IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities where a user that can create or update Ingress objects can use the nginx.ingress.kubernetes.io/configuration-snippet annotation CVE-2023-5043 or the...

8.8CVSS7.4AI score0.56568EPSS
Exploits2Affected Software1
OSV
OSV
added 2023/11/06 8:57 a.m.25 views

BIT-NGINX-INGRESS-CONTROLLER-2022-30535

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

6.5CVSS6.7AI score0.00607EPSS
Exploits0References1
Veracode
Veracode
added 2023/10/30 8:24 a.m.21 views

Improper Input Validation

k8s.io/ingress-nginx is vulnerable to Improper Input Validation. The vulnerability is caused by a missing validation check on nginx.ingress.kubernetes.io/configuration-snippet annotation on an Ingress object in the networking.k8s.io or extensions API group. The above annotation can be used to...

8.8CVSS7.5AI score0.02234EPSS
Exploits0References6Affected Software1
The Hacker News
The Hacker News
added 2023/10/30 6:46 a.m.120 views

Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows - CVE-2022-4886 CVSS score: 8.8 - Ingress-nginx path...

8.2AI score0.56568EPSS
Exploits2
CNNVD
CNNVD
added 2023/10/25 12:0 a.m.6 views

Ingress NGINX Controller Code Injection Vulnerability

Ingress NGINX Controller is a Kubernetes open source entry controller for Kubernetes. A security vulnerability exists in Ingress NGINX Controller. An attacker could exploit this vulnerability to perform a code injection attack...

8.8CVSS7.3AI score0.56568EPSS
Exploits2References5
F5 Networks
F5 Networks
added 2023/02/21 8:2 p.m.259 views

K30425568: Overview of F5 vulnerabilities (October 2022)

Security Advisory Description On October 19, 2022, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...

8.8CVSS6.2AI score0.011EPSS
Exploits2
F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.132 views

K01051452: NGINX Ingress Controller vulnerability CVE-2021-23055

Security Advisory Description The command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. CVE-2021-23055 Impact An attacker with privileges to deploy Ingress resources can inject configuration snippets that may allow them to gain access ...

6.5CVSS6.8AI score0.00739EPSS
Exploits0Affected Software1
Rows per page
Query Builder