Количество 10
Количество 10
GHSA-823x-fv5p-h7hw
ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
CVE-2025-1097
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
CVE-2025-1097
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
BDU:2025-05140
Уязвимость контроллера входящего трафика в кластере Kubernetes ingress-nginx, связанная с ошибками при обработке аннотаций Ingress-объектов, позволяющая нарушителю выполнить произвольный код
CVE-2025-24514
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
CVE-2025-24513
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
CVE-2025-1974
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
CVE-2025-1098
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
CVE-2025-1097
Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
ROS-20250417-05
Множественные уязвимости golang-k8s-ingress-nginx
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-823x-fv5p-h7hw ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation | CVSS3: 8.8 | 10% Средний | 8 месяцев назад |
 | CVE-2025-1097 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | 10% Средний | 8 месяцев назад | |
 | CVE-2025-1097 A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | CVSS3: 8.8 | 10% Средний | 8 месяцев назад |
 | BDU:2025-05140 Уязвимость контроллера входящего трафика в кластере Kubernetes ingress-nginx, связанная с ошибками при обработке аннотаций Ingress-объектов, позволяющая нарушителю выполнить произвольный код | CVSS3: 8.8 | 10% Средний | 8 месяцев назад |
 | CVE-2025-24514 Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller | 38% Средний | 8 месяцев назад | |
| CVE-2025-24513 Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller | 0% Низкий | 8 месяцев назад | |
| CVE-2025-1974 Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller | 88% Высокий | 8 месяцев назад | |
| CVE-2025-1098 Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller | 38% Средний | 8 месяцев назад | |
| CVE-2025-1097 Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller | 10% Средний | 8 месяцев назад | |
 | ROS-20250417-05 Множественные уязвимости golang-k8s-ingress-nginx | CVSS3: 9.8 | 7 месяцев назад |
Уязвимостей на страницу