CVE-2023-5044
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation...
CVE-2023-5043 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller...
CVE-2022-4886
Ingress-nginx path sanitization can be bypassed with log_format directive...
Code injection
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation...
Design/Logic Flaw
Ingress nginx annotation injection causes arbitrary command execution...
Code injection
Ingress-nginx path sanitization can be bypassed with log_format directive...
CVE-2023-5044 Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation...
CVE-2023-5044
CVE-2023-5044: Code injection via the nginx.ingress.kubernetes.io/permanent-redirect annotation in Kubernetes ingress-nginx. The root cause is improper input validation of the permanent-redirect annotation, enabling an attacker to inject executable content. Public material confirms a PoC/exploit...
CVE-2023-5043
CVE-2023-5043 affects Kubernetes ingress-nginx where the nginx.ingress.kubernetes.io/configuration-snippet annotation injection allows a remote authenticated attacker to execute arbitrary commands on the system due to improper input validation. IBM’s bulletin associates this CVE with IBM Cloud Ku...
CVE-2023-5043 Ingress nginx annotation injection causes arbitrary command execution
Ingress nginx annotation injection causes arbitrary command execution...
CVE-2022-4886 Ingress-nginx `path` sanitization can be bypassed with `log_format` directive
Ingress-nginx path sanitization can be bypassed with log_format directive...
CVE-2022-4886
CVE-2022-4886 is an Ingress-Nginx vulnerability where path sanitization can be bypassed via the log_format directive. IBM and OSV entries describe an impact: a remote authenticated attacker could obtain credentials information from Kubernetes Ingress Controller (ALB) deployments affected by this ...
Moderate: Red Hat Security Advisory: nginx:1.22 security update
An update for the nginx:1.22 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Ingress NGINX Controller Injection Vulnerability
Ingress NGINX Controller is an open source ingress controller for Kubernetes. A security vulnerability exists in Ingress NGINX Controller. An attacker can exploit this vulnerability to execute arbitrary commands...
PT-2023-6428
Name of the Vulnerable Software and Affected Versions ingress-nginx versions prior to 1.9.0 Description A security issue in ingress-nginx allows for arbitrary command execution due to annotation injection. This can be exploited by a remote attacker to execute arbitrary code or elevate privileges...
PT-2023-6604 · Unknown · Ingress-Nginx
Name of the Vulnerable Software and Affected Versions: ingress-nginx affected versions not specified Description: The issue is related to a controller vulnerability in the Kubernetes ingress-nginx cluster, which is associated with errors in processing input data. This can allow a remote attacker ...
RHEL 9 : nginx:1.22 (RHSA-2023:6120)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:6120 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. Security...