Lucene search

Ingress-Nginx Security Vulnerabilities - 2023

cve

CVE-2021-25748

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credential...

7.6CVSS

6.3AI Score

0.001EPSS

2023-05-24 05:15 PM

cve

CVE-2022-4886

Ingress-nginx path sanitization can be bypassed with log_format directive.

8.8CVSS

6.4AI Score

0.001EPSS

2023-10-25 08:15 PM

112

cve

CVE-2023-5043

Ingress nginx annotation injection causes arbitrary command execution.

8.8CVSS

8.8AI Score

0.003EPSS

2023-10-25 08:15 PM

185

cve

CVE-2023-5044

Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.

8.8CVSS

8.8AI Score

0.001EPSS

2023-10-25 08:15 PM

185