mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
1.8 KiB
1.8 KiB
CVE-2025-1098
Description
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
POC
Reference
No PoCs from references.
Github
- https://github.com/0xMarcio/cve
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/B1ack4sh/Blackash-CVE-2025-1974
- https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps
- https://github.com/GhostTroops/TOP
- https://github.com/Threekiii/CVE
- https://github.com/chhhd/CVE-2025-1974
- https://github.com/gian2dchris/ingress-nightmare-poc
- https://github.com/giterlizzi/secdb-feeds
- https://github.com/hakaioffsec/IngressNightmare-PoC
- https://github.com/killsystema/IngressNightmare
- https://github.com/lufeirider/IngressNightmare-PoC
- https://github.com/moften/IngressNightmare-Vulnerability
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/salt318/CVE-2025-1974
- https://github.com/sandumjacob/IngressNightmare-POCs
- https://github.com/scottymcandrew/ingress-nightmare