Kubernetes Ingress Nginx
By the Year
In 2022 there have been 2 vulnerabilities in Kubernetes Ingress Nginx with an average score of 7.6 out of ten. Last year Ingress Nginx had 1 security vulnerability published. That is, 1 more vulnerability have already been reported in 2022 as compared to last year. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.50.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 2 | 7.60 |
| 2021 | 1 | 7.10 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Ingress Nginx vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Kubernetes Ingress Nginx Security Vulnerabilities
A security issue was discovered in ingress-nginx where a user
CVE-2021-25746
7.1 - High
- May 06, 2022
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Improper Input Validation
A security issue was discovered in ingress-nginx where a user
CVE-2021-25745
8.1 - High
- May 06, 2022
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Improper Input Validation
A security issue was discovered in ingress-nginx where a user
CVE-2021-25742
7.1 - High
- October 29, 2021
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for NetApp Trident or by Kubernetes? Click the Watch button to subscribe.
