Описание
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Ссылки
- Issue TrackingMitigationVendor Advisory
- Mailing ListMitigationVendor Advisory
- Issue TrackingMitigationVendor Advisory
- Mailing ListMitigationVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.1 (исключая)
cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.00041
Низкий
7.6 High
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-20
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 6.5
github
больше 2 лет назад
Ingress-nginx `path` sanitization can be bypassed with newline character
EPSS
Процентиль: 12%
0.00041
Низкий
7.6 High
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-20
NVD-CWE-noinfo