exploitDog

CVE-2025-1097

Published: 24 Mar 2025
Source: redhat

Description

A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

A flaw was found in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This issue can lead to arbitrary code execution in the context of the ingress-nginx controller and disclosure of Secrets accessible to the controller. Note that the controller can access all Secrets cluster-wide in the default installation.

Report

Red Hat Product Security has determined that this vulnerability does not affect any currently supported Red Hat product. This assessment may evolve based on further analysis and discovery. For more information about this vulnerability and the products it affects, please see the linked references.

Additional information

Defect:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2354657 ingress-nginx: ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation

Related vulnerabilities

CVSS3: 8.8
nvd
11 months ago

A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

CVSS3: 8.8
github
11 months ago

ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation

CVSS3: 8.8
fstec
11 months ago

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ ΠΊΠΎΠ½Ρ‚Ρ€ΠΎΠ»Π»Π΅Ρ€Π° входящСго Ρ‚Ρ€Π°Ρ„ΠΈΠΊΠ° Π² кластСрС Kubernetes ingress-nginx, связанная с ошибками ΠΏΡ€ΠΈ ΠΎΠ±Ρ€Π°Π±ΠΎΡ‚ΠΊΠ΅ Π°Π½Π½ΠΎΡ‚Π°Ρ†ΠΈΠΉ Ingress-ΠΎΠ±ΡŠΠ΅ΠΊΡ‚ΠΎΠ², ΠΏΠΎΠ·Π²ΠΎΠ»ΡΡŽΡ‰Π°Ρ Π½Π°Ρ€ΡƒΡˆΠΈΡ‚Π΅Π»ΡŽ Π²Ρ‹ΠΏΠΎΠ»Π½ΠΈΡ‚ΡŒ ΠΏΡ€ΠΎΠΈΠ·Π²ΠΎΠ»ΡŒΠ½Ρ‹ΠΉ ΠΊΠΎΠ΄

msrc
11 months ago

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller

msrc
11 months ago

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2025-1097