Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ingress-nginx vulnerabilities and exploits
(subscribe to this query)
7.1
CVSSv3
CVE-2021-25742
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Kubernetes Ingress-nginx
Kubernetes Ingress-nginx 1.0.0
Netapp Trident -
2 Github repositories
6.5
CVSSv3
CVE-2022-4886
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
Kubernetes Ingress-nginx
1 Article
8.1
CVSSv3
CVE-2021-25745
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In t...
Kubernetes Ingress-nginx
7.1
CVSSv3
CVE-2021-25746
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configur...
Kubernetes Ingress-nginx
6.5
CVSSv3
CVE-2021-25748
A security issue exists in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obta...
Kubernetes Ingress-nginx
5.9
CVSSv3
CVE-2020-8553
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyph...
Kubernetes Ingress-nginx
8.8
CVSSv3
CVE-2023-5043
Ingress nginx annotation injection causes arbitrary command execution.
Kubernetes Ingress-nginx
1 Github repository
1 Article
8.8
CVSSv3
CVE-2023-5044
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
Kubernetes Ingress-nginx
3 Github repositories
1 Article
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started