Lucene search
K

4 matches found

Github Security Blog
Github Security Blog
added 2026/06/19 9:15 p.m.11 views

Traefik Kubernetes Ingress NGINX provider fails open when auth-secret resolution fails

Summary There is a medium severity vulnerability in Traefik's Kubernetes Ingress NGINX provider that causes affected routes to fail open. When an Ingress explicitly enables BasicAuth or DigestAuth through the supported nginx.ingress.kubernetes.io/auth-type and auth-secret annotations, but the...

8.6CVSS5.9AI score0.0036EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.20 views

PT-2026-40716

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.11.46 Traefik versions prior to 3.6.17 Traefik versions prior to 3.7.1 Description Traefik's Kubernetes Gateway API provider contains an authorization bypass that allows a tenant with HTTPRoute creation permissions ...

9.9CVSS5.8AI score0.00468EPSS
Exploits1References22
Snyk
Snyk
added 2026/03/05 4:15 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded processing of responses in the ForwardAuth middleware due to the lack of restrictions for maxResponseBodySize configuration. An attacker can cause resource exhaustion...

6.9CVSS5.8AI score0.00451EPSS
Exploits0References2
Snyk
Snyk
added 2025/12/08 4:43 p.m.3 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to inverted logic in the InsecureSkipVerify field when processing the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. An attacker can intercept and read sensitive data by performing...

8.2CVSS6.7AI score0.00213EPSS
Exploits0References2
Rows per page
Query Builder