The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or...
CVSS 5.9, AI Score 5.9, EPSS 0.001
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
CVSS 7.6, AI Score 6.6, EPSS 0.001
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default ...
CVSS 8.1, AI Score 7.8, EPSS 0.001
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that...
CVSS 7.6, AI Score 6.9, EPSS 0.002
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credential...
CVSS 7.6, AI Score 6.3, EPSS 0.001
CVSS 8.8, AI Score 6.4, EPSS 0.001
CVSS 8.8, AI Score 8.8, EPSS 0.002
CVSS 8.8, AI Score 8.8, EPSS 0.001