Lucene search
K
ZalandoSkipper

4 matches found

CVE
CVE
added 2022/10/24 12:0 a.m.111 views

CVE-2022-38580

Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF) via the X-Skipper-Proxy header. Multiple sources (Red Hat, OSV, ExploitDB, GHSA advisory) describe an SSRF condition allowing an attacker to access internal endpoints (e.g., AWS metadata) by sending requests with a craf...

9.8CVSS9.3AI score0.10573EPSS
Web
CVE
CVE
added 2022/06/22 12:57 p.m.93 views

CVE-2022-34296

CVE-2022-34296 affects the Zalando Skipper HTTP router/reverse proxy. In Skipper versions before 0.13.218, a flaw allows bypass of a query predicate via a prepared request, due to insufficient escaping/validation of application query predicates. This could enable an attacker to bypass predicate c...

7.5CVSS7.4AI score0.01094EPSS
CVE
CVE
added 2026/01/16 8:7 p.m.23 views

CVE-2026-23742

CVE-2026-23742 affects the Skipper HTTP router/proxy. The default -lua-sources=inline in versions before 0.23.0 lets untrusted users inject Lua filters that can read the host filesystem and, via logs, exfiltrate skipper secrets, potentially enabling arbitrary code execution. The issue is resolved...

8.8CVSS6.3AI score0.00473EPSS
CVE
CVE
added 2026/01/26 10:23 p.m.22 views

CVE-2026-24470

CVE-2026-24470 affects the Skipper HTTP router/reverse proxy. Before v0.24.0, when Skipper runs as an Ingress controller, users with Ingress and ExternalName Service permissions could create routes enabling Skipper’s network access to reach internal services. The issue is mitigated by disabling K...

8.1CVSS5.9AI score0.00267EPSS