268 matches found

Chainguard
added 2025/03/26 10:13 p.m., 17 views

GHSA-MGVX-RPFC-9MPV vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller-fips, ingress-nginx-controller...

AI score 5.8
Exploits 0

Chainguard
added 2025/03/26 10:13 p.m., 15 views

GHSA-823X-FV5P-H7HW vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller-fips, ingress-nginx-controller...

AI score 5.8
Exploits 0

Chainguard
added 2025/03/26 10:13 p.m., 12 views

GHSA-FWWP-XCXW-39VQ vulnerabilities

Vulnerabilities for packages: ingress-nginx-controller-fips, ingress-nginx-controller...

AI score 5.8
Exploits 0

OSV
added 2025/03/26 7:24 a.m., 10 views

BIT-NGINX-INGRESS-CONTROLLER-2025-1098 ingress-nginx controller - configuration injection via unsanitized mirror annotations

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx...

CVSS 8.8, AI score 9.3, EPSS 0.83066
Exploits 7, References 4

OSV
added 2025/03/26 7:24 a.m., 13 views

BIT-NGINX-INGRESS-CONTROLLER-2025-1974 ingress-nginx admission controller RCE escalation

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

CVSS 9.8, AI score 9.7, EPSS 0.99098
Exploits 20, References 5

Tenable Nessus
added 2025/03/26 12:0 a.m., 4 views

Kubernetes Ingress NGINX Controller Installed (Linux)

Binary data kubernetesingressnginxcontrollerlinuxinstalled.nbin...

AI score 7.3
Exploits 0, References 1

OSV
added 2025/03/25 7:38 p.m., 8 views

GO-2025-3564 ingress-nginx controller - auth secret file path traversal vulnerability in k8s.io/ingress-nginx

ingress-nginx controller - auth secret file path traversal vulnerability in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVSS 4.8, AI score 5, EPSS 0.03517
Exploits 0, References 6

OSV
added 2025/03/25 7:38 p.m., 14 views

GO-2025-3566 ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx

ingress-nginx controller - configuration injection via unsanitized auth-url annotation in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...

CVSS 8.8, AI score 8.7, EPSS 0.31809
Exploits 8, References 6

OSV
added 2025/03/25 7:38 p.m., 20 views

GO-2025-3568 ingress-nginx controller - configuration injection via unsanitized mirror annotations in k8s.io/ingress-nginx

ingress-nginx controller - configuration injection via unsanitized mirror annotations in k8s.io/ingress-nginx. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...

CVSS 8.8, AI score 8.7, EPSS 0.83066
Exploits 7, References 6

Rapid7 Blog
added 2025/03/25 4:10 p.m., 7 views

Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes

On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....

CVSS 9.8, AI score 8.2, EPSS 0.99098
Exploits 21

Rapid7 Blog
added 2025/03/25 4:10 p.m., 34 views

Multiple vulnerabilities in Ingress NGINX Controller for Kubernetes

On March 24, 2025, Kubernetes disclosed 5 new vulnerabilities affecting the Ingress NGINX Controller for Kubernetes. Successful exploitation could allow attackers access to all secrets stored across all namespaces in the Kubernetes cluster, which could result in cluster takeover. CVE-2025-1974 9....

CVSS 9.8, AI score 8.1, EPSS 0.99098
Exploits 21

GitHub Security Blog
added 2025/03/25 12:30 a.m., 33 views

ingress-nginx admission controller RCE escalation

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

CVSS 9.8, AI score 8, EPSS 0.99098
Exploits 20, References 10, Affected Software 1

NVD
added 2025/03/25 12:15 a.m., 27 views

CVE-2025-1974

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

CVSS 9.8, EPSS 0.99098
Exploits 20, References 4

Cvelist
added 2025/03/24 11:29 p.m., 27 views

CVE-2025-24514 ingress-nginx controller - configuration injection via unsanitized auth-url annotation

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...

CVSS 8.8, EPSS 0.31809
Exploits 8, References 1

Vulnrichment
added 2025/03/24 11:28 p.m., 20 views

CVE-2025-1974 ingress-nginx admission controller RCE escalation

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

CVSS 9.8, AI score 8.1, EPSS 0.99098
Exploits 20, References 1

Cvelist
added 2025/03/24 11:28 p.m., 30 views

CVE-2025-1974 ingress-nginx admission controller RCE escalation

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. Note...

CVSS 9.8, EPSS 0.99098
Exploits 20, References 1

CVE
added 2025/03/24 11:28 p.m., 609 views

CVE-2025-1974

CVE-2025-1974 affects the Ingress-NGINX controller in Kubernetes, enabling unauthenticated code execution when a pod-network–reachable attacker can reach the admission/controller path. Public exploits exist (Ingress-NGINX Admission Controller RCE and related PoCs), with published exploit details ...

CVSS 9.8, AI score 8.1, EPSS 0.99098
Exploits 20, References 4

The Hacker News
added 2025/03/24 6:55 p.m., 65 views

Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication

A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities...

CVSS 9.8, AI score 9.3, EPSS 0.99098
Exploits 21

CNNVD
added 2025/03/24 12:0 a.m., 4 views

Kubernetes ingress-nginx input validation error vulnerability

Ingress NGINX Controller is an open source portal controller that uses NGINX as a reverse proxy and load balancer. Ingress NGINX Controller suffers from a remote code execution vulnerability that can be exploited by an attacker to gain access to sensitive data such as credentials and keys across...

CVSS 8.8, AI score 8.1, EPSS 0.31809
Exploits 8, References 2

Wolfi
added 2024/09/03 7:49 p.m., 15 views

GHSA-JFVP-7X6P-H2PV vulnerabilities

Vulnerabilities for packages: buildah, opentelemetry-collector-contrib, grafana-alloy, podman, ctop, kubernetes, docker, k3s, syft, neuvector-scanner, grype, runc, k8s-device-plugin, cadvisor...

AI score 5.8
Exploits 0