Количество 10
Количество 10
CVE-2025-1097
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
CVE-2025-1097
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
GHSA-823x-fv5p-h7hw
ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
BDU:2025-05140
Уязвимость контроллера входящего трафика в кластере Kubernetes ingress-nginx, связанная с ошибками при обработке аннотаций Ingress-объектов, позволяющая нарушителю выполнить произвольный код
CVE-2025-24514
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
CVE-2025-24513
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
CVE-2025-1974
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
CVE-2025-1098
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
CVE-2025-1097
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
ROS-20250417-05
Множественные уязвимости golang-k8s-ingress-nginx
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-1097 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | 8% Низкий | 3 месяца назад | |
 | CVE-2025-1097 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | CVSS3: 8.8 | 8% Низкий | 3 месяца назад |
| GHSA-823x-fv5p-h7hw ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation | CVSS3: 8.8 | 8% Низкий | 3 месяца назад |
 | BDU:2025-05140 Уязвимость контроллера входящего трафика в кластере Kubernetes ingress-nginx, связанная с ошибками при обработке аннотаций Ingress-объектов, позволяющая нарушителю выполнить произвольный код | CVSS3: 8.8 | 8% Низкий | 3 месяца назад |
 | CVE-2025-24514 Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller | 31% Средний | 3 месяца назад | |
| CVE-2025-24513 Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller | 0% Низкий | 3 месяца назад | |
| CVE-2025-1974 Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller | 87% Высокий | 3 месяца назад | |
| CVE-2025-1098 Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller | 40% Средний | 3 месяца назад | |
| CVE-2025-1097 Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller | 8% Низкий | 3 месяца назад | |
 | ROS-20250417-05 Множественные уязвимости golang-k8s-ingress-nginx | CVSS3: 9.8 | 2 месяца назад |
Уязвимостей на страницу