CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8553

The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.9%

CVSS Severity

CVSS v3 Score 5.9

CVSS v2 Score 4.9

References

Products affected by CVE-2020-8553

Kubernetes » Ingress-Nginx » Version: N/A

cpe:2.3:a:kubernetes:ingress-nginx:-
Kubernetes » Ingress-Nginx » Version: 0.10.0

cpe:2.3:a:kubernetes:ingress-nginx:0.10.0
Kubernetes » Ingress-Nginx » Version: 0.10.1

cpe:2.3:a:kubernetes:ingress-nginx:0.10.1
Kubernetes » Ingress-Nginx » Version: 0.10.2

cpe:2.3:a:kubernetes:ingress-nginx:0.10.2
Kubernetes » Ingress-Nginx » Version: 0.11.0

cpe:2.3:a:kubernetes:ingress-nginx:0.11.0
Kubernetes » Ingress-Nginx » Version: 0.12.0

cpe:2.3:a:kubernetes:ingress-nginx:0.12.0
Kubernetes » Ingress-Nginx » Version: 0.13.0

cpe:2.3:a:kubernetes:ingress-nginx:0.13.0
Kubernetes » Ingress-Nginx » Version: 0.14.0

cpe:2.3:a:kubernetes:ingress-nginx:0.14.0
Kubernetes » Ingress-Nginx » Version: 0.15.0

cpe:2.3:a:kubernetes:ingress-nginx:0.15.0
Kubernetes » Ingress-Nginx » Version: 0.16.0

cpe:2.3:a:kubernetes:ingress-nginx:0.16.0
Kubernetes » Ingress-Nginx » Version: 0.16.1

cpe:2.3:a:kubernetes:ingress-nginx:0.16.1
Kubernetes » Ingress-Nginx » Version: 0.16.2

cpe:2.3:a:kubernetes:ingress-nginx:0.16.2
Kubernetes » Ingress-Nginx » Version: 0.17.0

cpe:2.3:a:kubernetes:ingress-nginx:0.17.0
Kubernetes » Ingress-Nginx » Version: 0.17.1

cpe:2.3:a:kubernetes:ingress-nginx:0.17.1
Kubernetes » Ingress-Nginx » Version: 0.18.0

cpe:2.3:a:kubernetes:ingress-nginx:0.18.0
Kubernetes » Ingress-Nginx » Version: 0.19.0

cpe:2.3:a:kubernetes:ingress-nginx:0.19.0
Kubernetes » Ingress-Nginx » Version: 0.20.0

cpe:2.3:a:kubernetes:ingress-nginx:0.20.0
Kubernetes » Ingress-Nginx » Version: 0.21.0

cpe:2.3:a:kubernetes:ingress-nginx:0.21.0
Kubernetes » Ingress-Nginx » Version: 0.22.0

cpe:2.3:a:kubernetes:ingress-nginx:0.22.0
Kubernetes » Ingress-Nginx » Version: 0.23.0

cpe:2.3:a:kubernetes:ingress-nginx:0.23.0
Kubernetes » Ingress-Nginx » Version: 0.24.0

cpe:2.3:a:kubernetes:ingress-nginx:0.24.0
Kubernetes » Ingress-Nginx » Version: 0.24.1

cpe:2.3:a:kubernetes:ingress-nginx:0.24.1
Kubernetes » Ingress-Nginx » Version: 0.25.0

cpe:2.3:a:kubernetes:ingress-nginx:0.25.0
Kubernetes » Ingress-Nginx » Version: 0.25.1

cpe:2.3:a:kubernetes:ingress-nginx:0.25.1
Kubernetes » Ingress-Nginx » Version: 0.26.0

cpe:2.3:a:kubernetes:ingress-nginx:0.26.0
Kubernetes » Ingress-Nginx » Version: 0.26.1

cpe:2.3:a:kubernetes:ingress-nginx:0.26.1
Kubernetes » Ingress-Nginx » Version: 0.26.2

cpe:2.3:a:kubernetes:ingress-nginx:0.26.2
Kubernetes » Ingress-Nginx » Version: 0.27.0

cpe:2.3:a:kubernetes:ingress-nginx:0.27.0
Kubernetes » Ingress-Nginx » Version: 0.27.1

cpe:2.3:a:kubernetes:ingress-nginx:0.27.1
Kubernetes » Ingress-Nginx » Version: 0.9.0

cpe:2.3:a:kubernetes:ingress-nginx:0.9.0
Kubernetes » Ingress-Nginx » Version: 0.9.1

cpe:2.3:a:kubernetes:ingress-nginx:0.9.1
Kubernetes » Ingress-Nginx » Version: 0.9.2

cpe:2.3:a:kubernetes:ingress-nginx:0.9.2
Kubernetes » Ingress-Nginx » Version: 0.9.3

cpe:2.3:a:kubernetes:ingress-nginx:0.9.3
Kubernetes » Ingress-Nginx » Version: 0.9.4

cpe:2.3:a:kubernetes:ingress-nginx:0.9.4
Kubernetes » Ingress-Nginx » Version: 0.9.5

cpe:2.3:a:kubernetes:ingress-nginx:0.9.5
Kubernetes » Ingress-Nginx » Version: 0.9.6

cpe:2.3:a:kubernetes:ingress-nginx:0.9.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-8553

Products

Pricing

Contact Us