Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NKubernetes nginx Ingress Controller
APPKubernetes< 1.5.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Container
Related vulnerabilities
CVE-2026-4342HIGH8.8ten sam produkt
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inj...
CVE-2026-33519CRITICAL9.8PL ✓ten sam vendor
Nieprawidłowa autoryzacja w Esri Portal for ArcGIS — obejście uprawnień
CVE-2025-57870CRITICAL10.0PL ✓ten sam vendor
SQL Injection w Esri ArcGIS Server — zdalny dostęp bez uwierzytelnienia
CVE-2023-1174CRITICAL9.8ten sam vendor
This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable un...
CVE-2020-8570CRITICAL9.1ten sam vendor
Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside o...