Skip to main content

Ingress Nginx

4 CVEs product

Monthly

CVE-2023-5044 Go HIGH PATCH This Week

Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Code Injection Nginx Ingress Nginx
NVD GitHub
CVSS 3.1
8.8
EPSS
56.6%
CVE-2023-5043 Go HIGH PATCH This Week

Ingress nginx annotation injection causes arbitrary command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Nginx Ingress Nginx
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2021-25742 HIGH POC This Week

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Ingress Nginx Trident
NVD GitHub
CVSS 3.1
7.1
EPSS
1.8%
CVE-2020-8553 Go MEDIUM PATCH This Month

The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Kubernetes Nginx Ingress Nginx
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
EPSS 57% CVSS 8.8
HIGH PATCH This Week

Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Code Injection Nginx +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Ingress nginx annotation injection causes arbitrary command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Nginx Ingress Nginx
NVD GitHub
EPSS 2% CVSS 7.1
HIGH POC This Week

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nginx Information Disclosure Ingress Nginx +1
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Kubernetes Nginx +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy