Description
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
A flaw was found in Kubernetes where, under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This issue can lead to the disclosure of Secrets accessible to the controller. Note that the controller can access all Secrets cluster-wide in the default installation.
Report
Red Hat Product Security has determined that this vulnerability does not affect any currently supported Red Hat product. Ingress-NGINX is not the default ingress controller shipped with Red Hat OpenShift. Instead, Red Hat OpenShift ships with and supports its own ingress controller based on HAProxy, known as the OpenShift Router. This controller is fully integrated with OpenShift's networking and security models and is managed by the Ingress Operator.
Source references
Additional information
Related vulnerabilities
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
A vulnerability in the ingress-nginx ingress controller for Kubernetes clusters, related to insufficient compartmentalization, that allows an attacker to execute arbitrary code