Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.7 views

CVE-2026-4342

A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. Note that i...

8.8CVSS6.4AI score0.01494EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.7 views

PT-2026-24119

Name of the Vulnerable Software and Affected Versions ingress-nginx versions prior to 1.13.7 ingress-nginx versions prior to 1.14.3 Description A security issue exists due to insufficient input validation when processing Ingress resource annotations. An attacker can use the...

9CVSS7.9AI score0.06669EPSS
Exploits1References32
OSV
OSV
added 2026/02/16 3:57 p.m.4 views

BIT-NGINX-INGRESS-CONTROLLER-2026-1580 ingress-nginx auth-method nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/auth-method Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to t...

8.8CVSS6.4AI score0.00485EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/24 11:43 p.m.4 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation through the auth-url annotation which can be used to inject configuration into nginx. Remediation Upgrade k8s.io/ingress-nginx/internal/ingress/annotations/auth to version 1.11.5, 1.12.1, 4.11.5, 4.12.1 or...

8.8CVSS6.9AI score0.31809EPSS
Exploits8References2
Rows per page
Query Builder