Lucene search
+L

23 matches found

packetstormnews
packetstormnews
added 2026/05/08 12:0 a.m.12 views

ingress-nginx Configuration Injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

8.8CVSS6.3AI score0.06669EPSS
Exploits1
osv
osv
added 2026/03/12 8:44 a.m.5 views

BIT-NGINX-INGRESS-CONTROLLER-2026-3288 ingress-nginx rewrite-target nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

8.8CVSS6.3AI score0.06669EPSS
Exploits1References4
nessus
nessus
added 2026/03/12 12:0 a.m.17 views

Ingress-NGINX Controller < 1.13.8 / 1.14.x < 1.14.4 / 1.15.x < 1.15.0 Configuration Injection

The version of Ingress-NGINX controller installed on the remote host is prior to 1.13.8, 1.14.4, or 1.15.0. It is, therefore, affected by a configuration injection vulnerability. A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotati...

8.8CVSS7.7AI score0.06669EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/03/11 7:8 a.m.10 views

CVE-2026-3288

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

8.8CVSS6.2AI score0.06669EPSS
Exploits1References1
euvd
euvd
added 2026/03/09 9:31 p.m.7 views

EUVD-2026-10360

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

8.8CVSS6.2AI score0.06669EPSS
Exploits1References2
nvd
nvd
added 2026/03/09 9:16 p.m.8 views

CVE-2026-3288

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

8.8CVSS0.06669EPSS
Exploits1References3
attackerkb
attackerkb
added 2026/03/09 9:0 p.m.5 views

CVE-2026-3288

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

8.8CVSS6.2AI score0.06669EPSS
Exploits1References2
cvelist
cvelist
added 2026/03/09 9:0 p.m.33 views

CVE-2026-3288 ingress-nginx rewrite-target nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

8.8CVSS0.06669EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/03/09 9:0 p.m.2 views

CVE-2026-3288 ingress-nginx rewrite-target nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

8.8CVSS6.2AI score0.06669EPSS
Exploits1References1
cve
cve
added 2026/03/09 9:0 p.m.48 views

CVE-2026-3288

Summary: CVE-2026-3288 concerns ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target annotation can inject configuration into nginx, enabling arbitrary code execution in the ingress-nginx controller and disclosure of Secrets accessible to the controller. The default installation can...

8.8CVSS6.2AI score0.06669EPSS
Exploits1References3Affected Software1
osv
osv
added 2026/03/09 9:0 p.m.4 views

CVE-2026-3288 ingress-nginx rewrite-target nginx configuration injection

A security issue was discovered in ingress-nginx where the nginx.ingress.kubernetes.io/rewrite-target Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible t...

8.8CVSS7.7AI score0.06669EPSS
Exploits1References6
cnnvd
cnnvd
added 2026/03/09 12:0 a.m.10 views

Kubernetes ingress-nginx 安全漏洞

Kubernetes ingress-nginx is a Kubernetes entry controller open-sourced by the Cloud Native Computing Foundation. It uses NGINX as a reverse proxy and load balancer. There is a security vulnerability in Kubernetes ingress-nginx, where the comment on nginx.ingress.kubernetes.io/rewrite-target can b...

8.8CVSS7.7AI score0.06669EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/03/09 12:0 a.m.9 views

PT-2026-24119

Name of the Vulnerable Software and Affected Versions ingress-nginx versions prior to 1.13.7 ingress-nginx versions prior to 1.14.3 Description A security issue exists due to insufficient input validation when processing Ingress resource annotations. An attacker can use the...

9CVSS7.9AI score0.06669EPSS
Exploits1References32
redhatcve
redhatcve
added 2025/12/18 4:35 p.m.9 views

CVE-2025-14727

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS6.9AI score0.00373EPSS
Exploits0References1
euvd
euvd
added 2025/12/17 6:31 p.m.8 views

EUVD-2025-203903

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS6.4AI score0.00373EPSS
Exploits0References2
snyk
snyk
added 2025/12/17 4:42 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via improper validation of the nginx.org/rewrite-target annotation. An attacker can access or modify unauthorized files or directories by supplying crafted input to the annotation. Details A Directory Traversal attac...

8.7CVSS7.5AI score0.00373EPSS
Exploits0References2
osv
osv
added 2025/12/17 4:16 p.m.5 views

CVE-2025-14727

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS6.8AI score
Exploits0References1
nvd
nvd
added 2025/12/17 4:16 p.m.16 views

CVE-2025-14727

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00373EPSS
Exploits0References1
cve
cve
added 2025/12/17 3:48 p.m.49 views

CVE-2025-14727

CVE-2025-14727 affects the NGINX Ingress Controller due to improper validation of the nginx.org/rewrite-target annotation, enabling a path traversal style issue. The F5 advisory notes that the vulnerability is present in the 5.x line (5.3.0) and fixes were introduced in 5.3.1; other branches have...

8.7CVSS6.5AI score0.00373EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2025/12/17 3:48 p.m.36 views

CVE-2025-14727 NGINX Ingress Controller vulnerability

A vulnerability exists in NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00373EPSS
Exploits0References1
Rows per page
Query Builder