34 matches found

Github Security Blog
added 2023/10/25 9:30 p.m. · 51 views

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation

A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/permanent-redirect annotation on an Ingress object in the networking.k8s.io or extensions API group can be used to inject arbitrary commands, and obtain the credentials of the ingress-nginx controller. In the...

CVSS 8.8 · AI score 8 · EPSS 0.08939
Exploits 2 · References 6 · Affected Software 1
Prion
added 2023/06/12 8:15 p.m. · 13 views

Design/Logic Flaw

Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain credential information of the controller...

CVSS 5 · AI score 7.4 · EPSS 0.00044
Exploits 0 · References 1
Positive Technologies
added 2023/05/24 12:00 a.m. · 2 views

PT-2023-12076 · Unknown · Ingress-Nginx

Name of the Vulnerable Software and Affected Versions: ingress-nginx (affected versions not specified). Description: A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the...

CVSS 7.6 · AI score 6.4 · EPSS 0.00167
Exploits 0 · References 10
CNNVD
added 2023/05/24 12:00 a.m. · 9 views

Kubernetes ingress-nginx security vulnerability

Kubernetes ingress-nginx is the entry controller for Cloud Native Computing Foundation's Kubernetes, using NGINX as a reverse proxy and load balancer. A security vulnerability exists in Kubernetes ingress-nginx. An attacker can exploit this vulnerability to obtain the credentials of the...

CVSS 7.6 · AI score 6.8 · EPSS 0.00167
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 3:44 a.m. · 1 views

SUSE CVE-2021-25746

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default configuration, that...

CVSS 7.6 · AI score 7.1 · EPSS 0.00578
Exploits 0 · References 3
Wallarm Lab
added 2022/05/12 9:52 p.m. · 40 views

Two critical security flaws found in Nginx-Ingress controller

Ingress controllers allow users to configure an HTTP load balancer for applications running on Kubernetes. It’s needed to serve those applications to clients outside of the Kubernetes Cluster. It’s also configured with Kubernetes API to deploy objects called Ingress Resources. The NGINX Ingress...

CVSS 5.5 · AI score 7.8 · EPSS 0.00578
Exploits 0
OSV
added 2022/05/06 1:15 a.m. · 17 views

CVE-2021-25746

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default configuration, that...

CVSS 7.1 · AI score 6.8
Exploits 0 · References 3
NVD
added 2022/05/06 1:15 a.m. · 15 views

CVE-2021-25746

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default configuration, that...

CVSS 7.6 · EPSS 0.00578
Exploits 0 · References 3
OSV
added 2022/05/06 1:15 a.m. · 14 views

CVE-2021-25745

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...

CVSS 8.1 · AI score 8
Exploits 0 · References 3
CVE
added 2022/05/06 12:50 a.m. · 1333 views

CVE-2021-25746

CVE-2021-25746 affects the ingress-nginx controller. A user who can create or update Ingress objects can read the controller’s credentials by manipulating .metadata.annotations in an Ingress (networking.k8s.io or extensions API group). In the default configuration, those credentials grant access ...

CVSS 7.6 · AI score 7 · EPSS 0.00578
Exploits 0 · References 3 · Affected Software 1
CVE
added 2022/05/06 12:50 a.m. · 1824 views

CVE-2021-25745

The connected records confirm CVE-2021-25745 affects ingress-nginx in Kubernetes. A user who can create/update Ingress objects can abuse spec.rules[].http.paths[].path (in networking.k8s.io or extensions) to obtain the credentials of the ingress-nginx controller. In the default configuration, tha...

CVSS 8.1 · AI score 7.6 · EPSS 0.00357
Exploits 0 · References 3 · Affected Software 1
Positive Technologies
added 2022/05/06 12:00 a.m. · 3 views

PT-2022-9683 · Unknown · Ingress-Nginx

Name of the Vulnerable Software and Affected Versions: ingress-nginx (affected versions not specified). Description: A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object to obtain the credentials of...

CVSS 7.6 · AI score 7.1 · EPSS 0.00578
Exploits 0 · References 7
OSV
added 2022/01/12 8:15 p.m. · 1 views

CVE-2022-23117

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller...

CVSS 7.5 · AI score 7.1 · EPSS 0.00053
Exploits 0 · References 2
Tenable Nessus
added 2012/01/19 12:00 a.m. · 13 views

SEL Controller Default Credentials

Binary data scadaseldefaulttelnet.nbin...

AI score 7.3
Exploits 0