Описание
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Ссылки
- Issue TrackingMitigationThird Party Advisory
- Issue TrackingMitigationThird Party Advisory
- Third Party Advisory
- Issue TrackingMitigationThird Party Advisory
- Issue TrackingMitigationThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
7.6 High
CVSS3
7.1 High
CVSS3
5.5 Medium
CVSS2
Дефекты
Связанные уязвимости
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
EPSS
7.6 High
CVSS3
7.1 High
CVSS3
5.5 Medium
CVSS2