CVE-2023-5044
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
25/10/2023
Last modified:
13/02/2025
Description
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
Impact
Base Score 3.x
7.60
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:* | 1.9.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.openwall.com/lists/oss-security/2023/10/25/3
- https://github.com/kubernetes/ingress-nginx/issues/10572
- https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0
- https://security.netapp.com/advisory/ntap-20240307-0012/
- http://www.openwall.com/lists/oss-security/2023/10/25/3
- https://github.com/kubernetes/ingress-nginx/issues/10572
- https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0
- https://security.netapp.com/advisory/ntap-20240307-0012/