Nginx Ingress Controller@* Security Vulnerabilities and Issues — Nginx Ingress Controller@* CVE List

Lucene search

F5Nginx Ingress Controller*

7 matches found

CVE•added 2023/10/10 2:15 p.m.•4408 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5CVSS8AI score0.94434EPSS

CVE•added 2022/10/19 10:15 p.m.•1207 views

CVE-2022-41741

NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in...

7.8CVSS7.1AI score0.00857EPSS

CVE•added 2024/11/06 5:15 p.m.•598 views

CVE-2024-10318

A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they c...

5.4CVSS5.2AI score0.00079EPSS

CVE•added 2022/10/19 10:15 p.m.•517 views

CVE-2022-41742

7.1CVSS7AI score0.00073EPSS

CVE•added 2022/04/21 7:15 p.m.•91 views

CVE-2021-23055

On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

6.5CVSS6.5AI score0.00221EPSS

CVE•added 2022/08/04 6:15 p.m.•84 views

CVE-2022-30535

In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

6.5CVSS6.7AI score0.00478EPSS

CVE•added 2022/10/19 10:15 p.m.•76 views

CVE-2022-41743

NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus whe...

7CVSS6.9AI score0.00083EPSS