CVE-2025-24513

MEDIUM Year: 2025
CVSS v3 Score
4.8
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.

Related Vulnerabilities

CVE-2010-3359

MEDIUM
CVSS:4.8(Medium)

If LD_LIBRARY_PATH is undefined in gargoyle-free before 2009-08-25, the variable will point to the current directory. This can allow a local user to trick another user into running gargoyle in a direc...

CWE-202010

CVE-2011-4968

MEDIUM
CVSS:4.8(Medium)

nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)

CWE-202011

CVE-2019-12626

MEDIUM
CVSS:4.8(Medium)

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS)...

CWE-202019

CVE-2019-1875

MEDIUM
CVSS:4.8(Medium)

A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the ...

CWE-202019

CVE-2020-15201

MEDIUM
CVSS:4.8(Medium)

In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the v...

CWE-202020

CVE-2020-15233

MEDIUM
CVSS:4.8(Medium)

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an an attacker can override the registered ...

CWE-202020