MEDIUM 5.3 Go
Kubernetes ingress exposes sensitive information
GHSA-p3x5-5xpx-9phm · CVE-2018-1002104
Published · Modified
Description
Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-1002104
- WEB https://github.com/kubernetes/ingress-nginx/issues/1733
- WEB https://github.com/kubernetes/ingress-nginx/pull/3125
- WEB https://github.com/kubernetes/ingress-nginx/commit/d487a50e399100ad8db12ed1d2f92271f311f676
- PACKAGE https://github.com/kubernetes/ingress-nginx
Ready to move
Start Securing
Free, no credit card | First findings in minutes