CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2025-24514 – ingress-nginx controller - configuration injection via unsanitized auth-url annotation
https://notcve.org/view.php?id=CVE-2025-24514
24 Mar 2025 — A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) • https://packetstorm.news/files/id/190070 • CWE-20: Improper Input Validation •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 1CVE-2025-24513 – ingress-nginx controller - auth secret file path traversal vulnerability
https://notcve.org/view.php?id=CVE-2025-24513
24 Mar 2025 — A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster. • https://packetstorm.news/files/id/190070 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1CVE-2025-1098 – ingress-nginx controller - configuration injection via unsanitized mirror annotations
https://notcve.org/view.php?id=CVE-2025-1098
24 Mar 2025 — A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) • https://packetstorm.news/files/id/190070 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 3CVE-2025-1097 – ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
https://notcve.org/view.php?id=CVE-2025-1097
24 Mar 2025 — A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) • https://packetstorm.news/files/id/190070 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 83%CPEs: 2EXPL: 15CVE-2025-1974 – ingress-nginx admission controller RCE escalation
https://notcve.org/view.php?id=CVE-2025-1974
24 Mar 2025 — A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) • https://packetstorm.news/files/id/190070 • CWE-653: Improper Isolation or Compartmentalization •
CVSS: 8.8EPSS: 33%CPEs: 2EXPL: 3CVE-2024-7646
https://notcve.org/view.php?id=CVE-2024-7646
16 Aug 2024 — A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. • https://github.com/UgOrange/CVE-2024-7646-poc • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 22%CPEs: 1EXPL: 3CVE-2023-5044 – Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
https://notcve.org/view.php?id=CVE-2023-5044
25 Oct 2023 — Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. Inyección de código a través de la anotación nginx.ingress.kubernetes.io/permanent-redirect. • https://github.com/r0binak/CVE-2023-5044 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 11%CPEs: 1EXPL: 1CVE-2023-5043 – Ingress nginx annotation injection causes arbitrary command execution
https://notcve.org/view.php?id=CVE-2023-5043
25 Oct 2023 — Ingress nginx annotation injection causes arbitrary command execution. La inyección de anotaciones de Ingress nginx provoca la ejecución de comandos arbitrarios. • https://github.com/r0binak/CVE-2023-5043 • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-4886 – Ingress-nginx `path` sanitization can be bypassed with `log_format` directive
https://notcve.org/view.php?id=CVE-2022-4886
25 Oct 2023 — Ingress-nginx `path` sanitization can be bypassed with `log_format` directive. La sanitización del parámetro `path` de Ingress-nginx se puede omitir con la directiva `log_format`. • http://www.openwall.com/lists/oss-security/2023/10/25/5 • CWE-20: Improper Input Validation •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2021-25748 – Ingress-nginx `path` sanitization can be bypassed with newline character
https://notcve.org/view.php?id=CVE-2021-25748
24 May 2023 — A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. • https://github.com/kubernetes/ingress-nginx/issues/8686 • CWE-20: Improper Input Validation •