Kubernetes Ingress Nginx
By the Year
In 2023 there have been 1 vulnerability in Kubernetes Ingress Nginx with an average score of 6.5 out of ten. Last year Ingress Nginx had 2 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. Last year, the average CVE base score was greater by 1.10
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 1 | 6.50 |
| 2022 | 2 | 7.60 |
| 2021 | 1 | 7.10 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Ingress Nginx vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Kubernetes Ingress Nginx Security Vulnerabilities
A security issue was discovered in ingress-nginx where a user
CVE-2021-25748
6.5 - Medium
- May 24, 2023
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
A security issue was discovered in ingress-nginx where a user
CVE-2021-25746
7.1 - High
- May 06, 2022
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Improper Input Validation
A security issue was discovered in ingress-nginx where a user
CVE-2021-25745
8.1 - High
- May 06, 2022
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Improper Input Validation
A security issue was discovered in ingress-nginx where a user
CVE-2021-25742
7.1 - High
- October 29, 2021
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for NetApp Trident or by Kubernetes? Click the Watch button to subscribe.
