5 matches found
Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes
On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....
CVE-2025-1097
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation through the auth-tls-match-cn annotation. An attacker can execute arbitrary code and disclose sensitive information by injecting malicious configurations. Remediation Upgrade...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation through the auth-tls-match-cn annotation. An attacker can execute arbitrary code and disclose sensitive information by injecting malicious configurations. Remediation Upgrade...
Kubernetes ingress-nginx 输入验证错误漏洞
Ingress NGINX Controller is an open source portal controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that stems from auth-tls-match-cn Ingress annotations can be used to inject configurations, which could le...