mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-29 20:39:28 +02:00
CVE-2025-1097
Description
A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
POC
Reference
No PoCs from references.
Github
- https://github.com/0xMarcio/cve
- https://github.com/B1ack4sh/Blackash-CVE-2025-1974
- https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps
- https://github.com/GhostTroops/TOP
- https://github.com/Threekiii/CVE
- https://github.com/chhhd/CVE-2025-1974
- https://github.com/gian2dchris/ingress-nightmare-poc
- https://github.com/giterlizzi/secdb-feeds
- https://github.com/hakaioffsec/IngressNightmare-PoC
- https://github.com/killsystema/IngressNightmare
- https://github.com/lufeirider/IngressNightmare-PoC
- https://github.com/moften/IngressNightmare-Vulnerability
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/salt318/CVE-2025-1974
- https://github.com/sandumjacob/IngressNightmare-POCs
- https://github.com/scottymcandrew/ingress-nightmare
- https://github.com/tanjiti/sec_profile