Kubernetes Ingress Nginx
By the Year
In 2024 there have been 0 vulnerabilities in Kubernetes Ingress Nginx . Last year Ingress Nginx had 4 security vulnerabilities published. Right now, Ingress Nginx is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 4 | 7.65 |
| 2022 | 2 | 7.60 |
| 2021 | 1 | 7.10 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Ingress Nginx vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Kubernetes Ingress Nginx Security Vulnerabilities
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
CVE-2023-5044
8.8 - High
- October 25, 2023
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
Code Injection
Ingress nginx annotation injection causes arbitrary command execution.
CVE-2023-5043
8.8 - High
- October 25, 2023
Ingress nginx annotation injection causes arbitrary command execution.
Injection
Ingress-nginx `path` sanitization
CVE-2022-4886
6.5 - Medium
- October 25, 2023
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
A security issue was discovered in ingress-nginx where a user
CVE-2021-25748
6.5 - Medium
- May 24, 2023
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
A security issue was discovered in ingress-nginx where a user
CVE-2021-25746
7.1 - High
- May 06, 2022
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Improper Input Validation
A security issue was discovered in ingress-nginx where a user
CVE-2021-25745
8.1 - High
- May 06, 2022
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Improper Input Validation
A security issue was discovered in ingress-nginx where a user
CVE-2021-25742
7.1 - High
- October 29, 2021
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for NetApp Trident or by Kubernetes? Click the Watch button to subscribe.
