Lucene search
+L

142 matches found

Github Security Blog
Github Security Blog
added 2026/02/04 12:30 a.m.7 views

ingress-nginx has Improper Check for Unusual or Exceptional Conditions

A security issue was discovered in ingress-nginx where the protection afforded by the auth-url Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that includes HTTP errors...

3.1CVSS5.4AI score0.00278EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.5 views

PT-2026-6445

A security issue was discovered in ingress-nginx. Tthe rules.http.paths.path Ingress field can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that in...

8.8CVSS6.3AI score0.00501EPSS
Exploits1References4
Snyk
Snyk
added 2026/02/03 10:54 p.m.3 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via the rules.http.paths.path field, which allows injection of configuration into the nginx process. An attacker can execute arbitrary code and access sensitive Secrets by crafting malicious input to this field...

8.8CVSS6.1AI score0.00501EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.10 views

Kubernetes ingress-nginx 安全漏洞

Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx. This vulnerability stems from the...

8.8CVSS7.6AI score0.00485EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/03 12:0 a.m.22 views

Kubernetes ingress-nginx 安全漏洞

Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx; this vulnerability stems from the rules.http.paths.path Ingress field...

8.8CVSS7.7AI score0.00501EPSS
Exploits1References1
OSV
OSV
added 2026/02/02 9:5 p.m.6 views

GO-2026-4378 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper

Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName in github.com/zalando/skipper...

8.1CVSS5.4AI score0.00267EPSS
Exploits0References5
OSV
OSV
added 2026/01/30 3:12 p.m.15 views

CLEANSTART-2026-CR41732 net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines

Multiple security vulnerabilities affect the ingress-nginx-controller package. The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00804EPSS
Exploits0References17
Github Security Blog
Github Security Blog
added 2026/01/26 11:26 p.m.11 views

Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName

Impact When running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach internal services. Patches https://github.com/zalando/skipper/releases/tag/v0.24.0...

8.1CVSS5.9AI score0.00267EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/01/26 10:23 p.m.4 views

CVE-2026-24470

Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach...

8.1CVSS5.9AI score0.00267EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/26 10:23 p.m.4 views

CVE-2026-24470 Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName

Skipper is an HTTP router and reverse proxy for service composition. Prior to version 0.24.0, when running Skipper as an Ingress controller, users with permissions to create an Ingress and a Service of type ExternalName can create routes that enable them to use Skipper's network access to reach...

8.1CVSS5.9AI score0.00267EPSS
Exploits0References3
CVE
CVE
added 2026/01/26 10:23 p.m.24 views

CVE-2026-24470

CVE-2026-24470 affects the Skipper HTTP router/reverse proxy. Before v0.24.0, when Skipper runs as an Ingress controller, users with Ingress and ExternalName Service permissions could create routes enabling Skipper’s network access to reach internal services. The issue is mitigated by disabling K...

8.1CVSS5.9AI score0.00267EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.5 views

PT-2026-4831

Name of the Vulnerable Software and Affected Versions Skipper versions prior to 0.24.0 Description Skipper is an HTTP router and reverse proxy for service composition. When operating as an Ingress controller, users with the ability to create Ingress resources and Services of type ExternalName can...

8.1CVSS5.9AI score0.00267EPSS
Exploits0References16
EUVD
EUVD
added 2025/12/17 6:31 p.m.8 views

EUVD-2025-203903

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS6.4AI score0.00379EPSS
Exploits0References2
NVD
NVD
added 2025/12/17 4:16 p.m.16 views

CVE-2025-14727

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00379EPSS
Exploits0References1
OSV
OSV
added 2025/12/17 4:16 p.m.6 views

CVE-2025-14727

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS6.8AI score
Exploits0References1
CVE
CVE
added 2025/12/17 3:48 p.m.51 views

CVE-2025-14727

CVE-2025-14727 affects the NGINX Ingress Controller due to improper validation of the nginx.org/rewrite-target annotation, enabling a path traversal style issue. The F5 advisory notes that the vulnerability is present in the 5.x line (5.3.0) and fixes were introduced in 5.3.1; other branches have...

8.7CVSS6.5AI score0.00379EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/17 3:48 p.m.37 views

CVE-2025-14727 NGINX Ingress Controller vulnerability

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00379EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/17 3:48 p.m.4 views

CVE-2025-14727 NGINX Ingress Controller vulnerability

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS6.5AI score0.00379EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2025/12/17 2:56 p.m.13 views

K000158176: NGINX Ingress Controller vulnerability CVE-2025-14727

Security Advisory Description A vulnerability exists in the NGINX Ingress Controller nginx . org/rewrite-target annotation validation. CVE-2025-14727 Note : Support for path rewrites using the nginx . org/rewrite-target annotation was added in NGINX Ingress Controller version 5.3.0. For more...

8.7CVSS6.6AI score0.00379EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.11 views

F5 NGINX Ingress Controller 路径遍历漏洞

F5 NGINX Ingress Controller is a traffic management solution from F5 USA for cloud-native applications in Kubernetes and containerized environments. A path traversal vulnerability exists in F5 NGINX Ingress Controller, which stems from improper validation of the nginx.org/rewrite-target annotatio...

8.7CVSS6.6AI score0.00379EPSS
Exploits0References1
Rows per page
Query Builder