RSS   Podatności dla 'Ingress-nginx'   RSS

2022-05-06
 
CVE-2021-25746

CWE-20
 

 
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.

 
2021-10-29
 
CVE-2021-25742

NVD-CWE-noinfo
 

 
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

 
2020-07-29
 
CVE-2020-8553

CWE-610
 

 
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.

 

 >>> Vendor: Kubernetes 12 Produkty
JAVA
Kubernetes
Minikube
Kube-state-metrics
Cri-o
External-provisioner
External-resizer
External-snapshotter
Nginx ingress controller
Ingress-nginx
Secrets store csi driver
Aws-iam-authenticator


Copyright 2024, cxsecurity.com

 

Back to Top