Lucene search
K

99 matches found

OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5128 Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails in github.com/traefik/traefik

Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails in github.com/traefik/traefik...

8.6CVSS5.8AI score0.0036EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 7:17 p.m.5 views

CVE-2026-54762

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...

5.9CVSS5.9AI score0.0036EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/23 7:17 p.m.37 views

CVE-2026-54762 Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails

Traefik is an HTTP reverse proxy and load balancer. From 3.7.0-ea.1 until 3.7.5, there is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported...

5.9CVSS0.0036EPSS
Exploits1References2
CVE
CVE
added 2026/06/23 7:17 p.m.11 views

CVE-2026-54762

Traefik’s Kubernetes Ingress NGINX provider (versions 3.7.0-ea.1 through 3.7.5) contains a medium-severity fail-open vulnerability: if an Ingress enables BasicAuth or DigestAuth but the referenced auth-secret cannot be resolved or parsed, Traefik logs an error, skips installing the authentication...

8.6CVSS5.9AI score0.0036EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 9:15 p.m.7 views

Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails

Summary There is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported nginx.ingress.kubernetes.io/auth-type and auth-secret annotations, but the...

8.6CVSS5.9AI score0.0036EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.11 views

PT-2026-51068

Name of the Vulnerable Software and Affected Versions Traefik versions 3.7.0-ea.1 through 3.7.4 Description A fail-open authentication issue exists in the Kubernetes Ingress NGINX provider. When an Ingress explicitly enables BasicAuth or DigestAuth using the nginx.ingress.kubernetes.io/auth-type...

5.9CVSS5.8AI score0.0036EPSS
Exploits1References6
CBLMariner
CBLMariner
added 2026/06/05 12:59 p.m.7 views

CVE-2026-33814 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-5

CVE-2026-33814 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-5. A patched version of the package is available...

7.5CVSS5.4AI score0.00781EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.10 views

CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

6.1CVSS5.8AI score0.00178EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.10 views

CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

6.1CVSS5.8AI score0.00188EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.13 views

CVE-2026-42502 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-42502 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

6.1CVSS5.8AI score0.00178EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.11 views

CVE-2026-25680 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-25680 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

6.5CVSS5.8AI score0.00248EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.15 views

CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

6.1CVSS5.8AI score0.00178EPSS
Exploits0
GithubExploit
GithubExploit
added 2026/05/25 9:2 a.m.106 views

Exploit for CVE-2026-42945

NGINX Rift — CVE-2026-42945 Vulnerability Scanning and Verific...

9.2CVSS6.2AI score0.61469EPSS
Exploits40
Snyk
Snyk
added 2026/05/20 7:7 p.m.8 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation There is no fixed version for...

6.1CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/05/20 7:7 p.m.5 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation Upgrade...

6.1CVSS5.8AI score
Exploits0References3
Redos
Redos
added 2026/04/29 12:0 a.m.8 views

ROS-20260429-73-0040

A vulnerability in the incoming traffic controller in the Kubernetes ingress-nginx cluster is related to flaws in the input validation mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

8.8CVSS8.4AI score0.06669EPSS
Exploits1
Redos
Redos
added 2026/04/29 12:0 a.m.7 views

ROS-20260429-73-0041

A vulnerability in the incoming traffic controller in a Kubernetes ingress-nginx cluster is related to insufficient input validation. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

8.8CVSS6.8AI score0.01494EPSS
Exploits1
EUVD
EUVD
added 2026/04/24 3:19 p.m.12 views

EUVD-2026-25280

Contour has Lua code injection via Cookie Path Rewrite Policy...

8.1CVSS5.3AI score0.00481EPSS
Exploits0References7
Snyk
Snyk
added 2026/03/27 3:28 p.m.3 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the Kubernetes Ingress and Knative provider buildRule/buildHostRule processes in the pkg/provider/kubernetes/ingress and pkg/provider/kubernetes/knative components. An attacker can bypass...

7.7CVSS5.9AI score0.00463EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/27 3:28 p.m.3 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output through the Kubernetes Ingress and Knative provider buildRule/buildHostRule processes in the pkg/provider/kubernetes/ingress and pkg/provider/kubernetes/knative components. An attacker can bypass...

7.7CVSS5.9AI score0.00463EPSS
Exploits1References2
Rows per page
Query Builder