CVE-2025-1974

Published: 24 Mar 2025
Source: redhat
CVSS3: 9.8
EPSS: Critical

Description

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

A flaw was found in Kubernetes where, under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This issue can lead to the disclosure of Secrets accessible to the controller. Note that the controller can access all Secrets cluster-wide in the default installation.

Report

Red Hat Product Security has determined that this vulnerability does not affect any currently supported Red Hat product. Ingress-NGINX is not the default ingress controller shipped with Red Hat OpenShift. Instead, Red Hat OpenShift ships with and supports its own ingress controller based on HAProxy, known as the OpenShift Router. This controller is fully integrated with OpenShift's networking and security models and is managed by the Ingress Operator.

Additional information

Status: Important
Defect: CWE-653
https://bugzilla.redhat.com/show_bug.cgi?id=2354661 ingress-nginx: ingress-nginx admission controller RCE escalation

EPSS: 0.90252 (percentile: 100%, Critical)

CVSS3: 9.8 Critical

Related vulnerabilities

CVSS3: 9.8
nvd
about 1 year ago

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

CVSS3: 9.8
github
about 1 year ago

ingress-nginx admission controller RCE escalation

CVSS3: 9.8
fstec
about 1 year ago

Vulnerability in ingress-nginx, the ingress traffic controller for Kubernetes clusters, related to insufficient compartmentalization, allowing an attacker to execute arbitrary code

msrc
about 1 year ago

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller

msrc
about 1 year ago

Kubernetes: Vulnerability in Kubernetes NGINX Ingress Controller
