50 matches found
CVE-2026-40964
Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token...
Cloud Foundry Foundation security vulnerabilities
Cloud Foundry Foundation is an open-source platform as a service PaaS offered by the Cloud Foundry Foundation. There is a security vulnerability in Cloud Foundry Foundation’s cf-auth-proxy component. This vulnerability stems from authentication bypassing, allowing unauthenticated remote attackers...
Linux Distros Unpatched Vulnerability : CVE-2026-33376
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate...
BIT-GRAFANA-2026-33376 Auth Proxy IPv6 whitelist bypass
When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...
SUSE CVE-2026-33376
When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...
EUVD-2026-30142
When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...
CVE-2026-33376
When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...
UBUNTU-CVE-2026-33376
When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...
CVE-2026-33376
When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...
CVE-2026-33376 Auth Proxy IPv6 whitelist bypass
When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...
CVE-2026-33376
CVE-2026-33376 affects Grafana’s Auth Proxy IPv6 allow-list: by default it accepts /32 addresses. Addresses with explicit masks are not affected. The practical impact is a potentially unintended bypass of access controls for the Auth Proxy component only; other components (Okta, SAML, LDAP) are u...
CVE-2026-33376 Auth Proxy IPv6 whitelist bypass
When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...
CVE-2026-33376
When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...
Auth Proxy IPv6 whitelist bypass
When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask usually /128 to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc are unaffected here...
Grafana OSS 安全漏洞
Grafana OSS is an open-source visualization dashboard developed by Grafana. There are security vulnerabilities in Grafana OSS; these vulnerabilities stem from the Auth Proxy feature, which defaults to using /32 addresses when an IPv6 allowlist is applied, potentially leading to configuration issu...
PT-2026-40790
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists in the Auth Proxy feature where IPv6 allow-lists default to /32 addresses. This behavior is specific to the Auth Proxy and does not impact other...
BIT-NGINX-INGRESS-CONTROLLER-2025-15566 ingress-nginx auth-proxy-set-headers nginx configuration injection
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
Improper Validation of Specified Type of Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input in the auth-proxy-set-headers annotation, which allows injection of configuration into nginx. An attacker can execute arbitrary code and access sensitive information by supplying crafted...
CVE-2025-15566
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
CVE-2025-15566
A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-proxy-set-headers Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...