Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:46 p.m.20 views

CVE-2020-8553

The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace ...

5.9CVSS6.8AI score0.00894EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2020/09/28 8:10 p.m.32 views

Security Bulletin: IBM Cloud Private is vulnerable to a Kubernetes vulnerability (CVE-2020-8553)

Summary IBM Cloud Private is vulnerable to a Kubernetes vulnerability Vulnerability Details CVEID: CVE-2020-8553 DESCRIPTION: Kubernetes ingress-nginx could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when the annotation...

5.9CVSS0.4AI score0.00894EPSS
Exploits0Affected Software1
CVE
CVE
added 2020/07/29 2:53 p.m.84 views

CVE-2020-8553

Summary: The Kubernetes ingress-nginx controller prior to 0.28.0 is vulnerable when a user can create namespaces and read/write ingress objects. They can overwrite the password file of another ingress that uses basic auth (nginx.ingress.kubernetes.io/auth-type: basic) if the target ingress has a ...

5.9CVSS6AI score0.00894EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/07/29 2:53 p.m.36 views

CVE-2020-8553 Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names

The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace ...

5.9CVSS5.7AI score0.00894EPSS
Exploits0References1
Rows per page
Query Builder