F5 Networks Nginx Ingress Controller
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in F5 Networks Nginx Ingress Controller.
Recent F5 Networks Nginx Ingress Controller Security Advisories
Advisory | Title | Published |
---|---|---|
K01051452 | NGINX Ingress Controller vulnerability CVE-2021-23055 | November 10, 2021 |
By the Year
In 2025 there have been 0 vulnerabilities in F5 Networks Nginx Ingress Controller. Last year, in 2024 Nginx Ingress Controller had 1 security vulnerability published. Right now, Nginx Ingress Controller is on track to have less security vulnerabilities in 2025 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 0 | 0.00 |
2024 | 1 | 5.40 |
2023 | 1 | 7.50 |
2022 | 5 | 6.98 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Nginx Ingress Controller vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent F5 Networks Nginx Ingress Controller Security Vulnerabilities
NGINX OIDC Session Fixation Vulnerability
CVE-2024-10318
5.4 - Medium
- November 06, 2024
A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they can force the session to associate it with the attacker-controlled account, leading to potential misuse of the victim's session.
Session Fixation
The HTTP/2 protocol
CVE-2023-44487
7.5 - High
- October 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Resource Exhaustion
NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module
CVE-2022-41743
7 - High
- October 19, 2022
NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects only NGINX Plus when the hls directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_hls_module.
Memory Corruption
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module
CVE-2022-41742
7.1 - High
- October 19, 2022
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted audio or video file. The issue affects only NGINX products that are built with the module ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.
Memory Corruption
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module
CVE-2022-41741
7.8 - High
- October 19, 2022
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.
Memory Corruption
In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects
CVE-2022-30535
6.5 - Medium
- August 04, 2022
In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Improper Input Validation
On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction
CVE-2021-23055
6.5 - Medium
- April 21, 2022
On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for F5 Networks Nginx Ingress Controller or by F5 Networks? Click the Watch button to subscribe.