Lucene search
K

8 matches found

Snyk
Snyk
added 2026/05/20 7:7 p.m.8 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation There is no fixed version for...

6.1CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2026/05/20 7:7 p.m.5 views

Insertion of Sensitive Information Into Sent Data

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data via the diagnostics endpoint. An attacker can obtain sensitive secret-backed plugin configuration data by accessing this endpoint. Remediation Upgrade...

6.1CVSS5.8AI score
Exploits0References3
Snyk
Snyk
added 2025/10/08 12:0 a.m.3 views

Incomplete Filtering of Special Elements

Overview Affected versions of this package are vulnerable to Incomplete Filtering of Special Elements in the config-snippets feature flag. An attacker can access sensitive environment variables, including the Kubernetes service account token secret, by injecting arbitrary HAProxy directives. Note...

8.5CVSS6.9AI score0.00243EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/08 12:0 a.m.5 views

EUVD-2025-33296

HAProxy Kubernetes Ingress Controller before 3.1.13, when the config-snippets feature flag is used, accepts config snippets from users with create/update permissions. This can result in obtaining an ingress token secret as a response. The fixed versions of HAProxy Enterprise Kubernetes Ingress...

6.4CVSS6.3AI score0.00243EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 9:18 p.m.9 views

CVE-2021-32783

Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy...

8.5CVSS6.7AI score0.01151EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/10 9:46 a.m.58 views

Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities (CVE-2023-5043, CVE-2023-5044, CVE-2022-4886)

Summary IBM Cloud Kubernetes Service is affected by Kubernetes Ingress Controller security vulnerabilities where a user that can create or update Ingress objects can use the nginx.ingress.kubernetes.io/configuration-snippet annotation CVE-2023-5043 or the...

8.8CVSS7.4AI score0.56568EPSS
Exploits2Affected Software1
Cvelist
Cvelist
added 2021/07/23 9:50 p.m.25 views

CVE-2021-32783 Authorization bypass in Contour

Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy...

8.5CVSS8.6AI score0.01151EPSS
Exploits0References3
Wallarm Lab
Wallarm Lab
added 2018/08/21 4:58 p.m.46 views

What’s New in Wallarm Node 2.10

We have recently released a new version of Wallarm Node. After your next update window, you will see some new features your DevOps team is certain to like. Firstly, your monitoring and reporting got a lot livelier. Starting with this version in addition to JSON format metrics can be exported in...

0.3AI score
Exploits0
Rows per page
Query Builder