Ingress-Nginx Controller 漏洞列表

共找到 2 个与 Ingress-Nginx Controller 相关的漏洞

📅 加载漏洞趋势中...

CVE-2025-1097: Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-tls-match-cn` Annotation POC

日期: 2025-08-01 | 影响软件: Ingress-Nginx Controller

A security issue was discovered in ingress-nginx https-//github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
CVE-2025-1974: Ingress-Nginx Controller - Remote Code Execution POC

日期: 2025-08-01 | 影响软件: Ingress-Nginx Controller

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)