dovics

1 exploit Active since Aug 2024
CVE-2024-7646 NOMISEC HIGH WORKING POC
Kubernetes ingress-nginx - Unauthenticated Command Injection via Ingress Annotation Bypass
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
1 stars
CVSS 8.8