N/A

On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

N/A

关键资源的不正确权限授予

F5 NGINX Ingress Controller 安全漏洞

F5 NGINX Ingress Controller是美国F5公司的一个流量管理解决方案，适用于 Kubernetes 和容器化环境中的云原生应用。 F5 NGINX Ingress Controller 存在安全漏洞，该漏洞源于Ingress无需设置 -enable-snippets 命令行即可配置资源争论。攻击者可利用该漏洞允许他们使用入口服务帐户权限。

N/A

N/A