Vulnerabilities > Kubernetes > Ingress Nginx > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-5043 Injection vulnerability in Kubernetes Ingress-Nginx
Ingress nginx annotation injection causes arbitrary command execution.
network
low complexity
kubernetes CWE-74
8.8
2023-10-25 CVE-2023-5044 Code Injection vulnerability in Kubernetes Ingress-Nginx
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
network
low complexity
kubernetes CWE-94
8.8
2022-05-06 CVE-2021-25745 Improper Input Validation vulnerability in Kubernetes Ingress-Nginx
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller.
network
low complexity
kubernetes CWE-20
8.1
2022-05-06 CVE-2021-25746 Improper Input Validation vulnerability in Kubernetes Ingress-Nginx
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller.
network
low complexity
kubernetes CWE-20
7.1
2021-10-29 CVE-2021-25742 A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
network
low complexity
kubernetes netapp
7.1