Bitnami package
nginx-ingress-controller
pkg:bitnami/nginx-ingress-controller
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-44487 | Hig | 7.5 | KEV | < 1.9.3 | 1.9.3 | Oct 10, 2023 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2022-41743 | — | >= 1.9.0, < 1.12.4 | 1.12.4 | Oct 19, 2022 | NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects | ||
| CVE-2022-41742 | — | >= 1.9.0, < 1.12.4 | 1.12.4 | Oct 19, 2022 | NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process | ||
| CVE-2022-41741 | — | >= 1.9.0, < 1.12.4 | 1.12.4 | Oct 19, 2022 | NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker m | ||
| CVE-2022-30535 | — | >= 1.0.0, < 2.3.0 | 2.3.0 | Aug 4, 2022 | In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||
| CVE-2021-23055 | — | >= 1.0.0, < 1.12.3 | 1.12.3 | Apr 21, 2022 | On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
- affected < 1.9.3fixed 1.9.3
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
- CVE-2022-41743Oct 19, 2022affected >= 1.9.0, < 1.12.4fixed 1.12.4
NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_hls_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact using a specially crafted audio or video file. The issue affects
- CVE-2022-41742Oct 19, 2022affected >= 1.9.0, < 1.12.4fixed 1.12.4
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to cause a worker process
- CVE-2022-41741Oct 19, 2022affected >= 1.9.0, < 1.12.4fixed 1.12.4
NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker m
- CVE-2022-30535Aug 4, 2022affected >= 1.0.0, < 2.3.0fixed 2.3.0
In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
- CVE-2021-23055Apr 21, 2022affected >= 1.0.0, < 1.12.3fixed 1.12.3
On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.