Lucene search
K

4 matches found

Rapid7 Blog
Rapid7 Blog
added 2025/03/25 4:10 p.m.8 views

Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes

On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....

9.8CVSS8.2AI score0.99098EPSS
Exploits21
OSV
OSV
added 2025/03/25 12:15 a.m.4 views

CVE-2025-1097

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...

8.8CVSS6.2AI score0.34677EPSS
Exploits7References3
Snyk
Snyk
added 2025/03/24 11:43 p.m.4 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation through the auth-tls-match-cn annotation. An attacker can execute arbitrary code and disclose sensitive information by injecting malicious configurations. Remediation Upgrade...

8.8CVSS7.3AI score0.34677EPSS
Exploits7References2
Snyk
Snyk
added 2025/03/24 11:43 p.m.4 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation through the auth-tls-match-cn annotation. An attacker can execute arbitrary code and disclose sensitive information by injecting malicious configurations. Remediation Upgrade...

8.8CVSS7.3AI score0.34677EPSS
Exploits7References2
Rows per page
Query Builder