CVE-2026-41246
- EPSS 0.44%
- Published 23.04.2026 18:44:39
- Last modified 28.04.2026 19:04:03
Contour is a Kubernetes ingress controller using Envoy proxy. From v1.19.0 to before v1.33.4, v1.32.5, and v1.31.6, Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProx...
CVE-2024-36539
- EPSS 1.26%
- Published 24.07.2024 17:15:10
- Last modified 27.06.2025 16:50:09
Insecure permissions in Contour v1.28.3 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token.
CVE-2023-44487
- EPSS 100%
- Published 10.10.2023 14:15:10
- Last modified 12.05.2026 15:10:32
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-32783
- EPSS 1.15%
- Published 23.07.2021 22:15:08
- Last modified 21.11.2024 06:07:43
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy ...
CVE-2020-15127
- EPSS 1.38%
- Published 05.08.2020 21:15:12
- Last modified 21.11.2024 05:04:53
In Contour (Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdo...