Aqua Vulnerability Database
CVE-2022-4886
Published: Oct 25, 2023 | Modified: Mar 07, 2024
CVSS 3.x: 6.5 MEDIUM (Source: NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Additional information
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-4886
CWE: https://cwe.mitre.org/data/definitions/.html
Ingress-nginx path sanitization can be bypassed with log_format directive.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ingress-nginx | Kubernetes | * | 1.8.0 (excluding) |
References
http://www.openwall.com/lists/oss-security/2023/10/25/5
https://github.com/kubernetes/ingress-nginx/issues/10570
https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI
https://security.netapp.com/advisory/ntap-20240307-0013/