CVE-2024-36539
- EPSS 11.1%
- Published 24.07.2024 17:15:10
- Last modified 27.06.2025 16:50:09
Insecure permissions in Contour v1.28.3 allow attackers to access sensitive data and escalate privileges by obtaining the service account's token.
CVE-2023-44487
- EPSS 94.44%
- Published 10.10.2023 14:15:10
- Last modified 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-32783
- EPSS 0.27%
- Published 23.07.2021 22:15:08
- Last modified 21.11.2024 06:07:43
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy ...
CVE-2020-15127
- EPSS 0.31%
- Published 05.08.2020 21:15:12
- Last modified 21.11.2024 05:04:53
In Contour (Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. GET requests to /shutdown on port 8090 of the Envoy pod initiate Envoy's shutdo...