Vulnerabilities > CVE-2022-4886 - Unspecified vulnerability in Kubernetes Ingress-Nginx
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
Vulnerable Configurations
Related news
References
- http://www.openwall.com/lists/oss-security/2023/10/25/5
- http://www.openwall.com/lists/oss-security/2023/10/25/5
- https://github.com/kubernetes/ingress-nginx/issues/10570
- https://github.com/kubernetes/ingress-nginx/issues/10570
- https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI
- https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI
- https://security.netapp.com/advisory/ntap-20240307-0013/
- https://security.netapp.com/advisory/ntap-20240307-0013/