A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HKubernetes nginx Ingress Controller
APPKubernetes1.15.0< 1.13.91.14.0 – 1.14.5 (bez)
Related vulnerabilities
Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prome...
Nieprawidłowa autoryzacja w Esri Portal for ArcGIS — obejście uprawnień
SQL Injection w Esri ArcGIS Server — zdalny dostęp bez uwierzytelnienia
This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable un...
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside o...