Vulnerabilities related to kubernetes - ingress-nginx
cve-2021-25745
Vulnerability from cvelistv5
Published
2022-05-06 00:50
Modified
2024-09-16 18:24
Severity: 7.6 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)
EPSS score ?
Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
References
▼ | URL | Tags |
---|---|---|
https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc | x_refsource_MISC | |
https://github.com/kubernetes/ingress-nginx/issues/8502 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220609-0006/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Kubernetes | Kubernetes ingress-nginx |
Version: unspecified < 1.2.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:11:27.660Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/kubernetes/ingress-nginx/issues/8502", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220609-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Kubernetes ingress-nginx", vendor: "Kubernetes", versions: [ { lessThan: "1.2.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Gafnit Amiga", }, ], datePublic: "2022-04-22T00:00:00", descriptions: [ { lang: "en", value: "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. 
In the default configuration, that credential has access to all secrets in the cluster.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-09T18:06:16", orgId: "a6081bf6-c852-4425-ad4f-a67919267565", shortName: "kubernetes", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/kubernetes/ingress-nginx/issues/8502", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220609-0006/", }, ], source: { defect: [ "https://github.com/kubernetes/ingress-nginx/issues/8502", ], discovery: "EXTERNAL", }, title: "Ingress-nginx path can be pointed to service account token file", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@kubernetes.io", DATE_PUBLIC: "2022-04-22T16:30:00.000Z", ID: "CVE-2021-25745", STATE: "PUBLIC", TITLE: "Ingress-nginx path can be pointed to service account token file", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Kubernetes ingress-nginx", version: { version_data: [ { version_affected: "<", version_value: "1.2.0", }, ], }, }, ], }, vendor_name: "Kubernetes", }, ], }, }, credit: [ { lang: "eng", value: "Gafnit Amiga", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A security issue was discovered in ingress-nginx where a user that can 
create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20: Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc", refsource: "MISC", url: "https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc", }, { name: "https://github.com/kubernetes/ingress-nginx/issues/8502", refsource: "MISC", url: "https://github.com/kubernetes/ingress-nginx/issues/8502", }, { name: "https://security.netapp.com/advisory/ntap-20220609-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220609-0006/", }, ], }, source: { defect: [ "https://github.com/kubernetes/ingress-nginx/issues/8502", ], discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565", assignerShortName: "kubernetes", cveId: "CVE-2021-25745", datePublished: "2022-05-06T00:50:14.042796Z", dateReserved: "2021-01-21T00:00:00", dateUpdated: "2024-09-16T18:24:11.711Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-25742
Vulnerability from cvelistv5
Published
2021-10-29 04:05
Modified
2024-09-16 23:06
Severity: 7.6 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)
EPSS score ?
Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
References
▼ | URL | Tags |
---|---|---|
https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY | x_refsource_MISC | |
https://github.com/kubernetes/ingress-nginx/issues/7837 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20211203-0001/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Kubernetes | Kubernetes ingress-nginx |
Version: unspecified ≤ 0.49.0 Version: unspecified ≤ 1.0.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:11:27.558Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/kubernetes/ingress-nginx/issues/7837", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20211203-0001/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Kubernetes ingress-nginx", vendor: "Kubernetes", versions: [ { lessThanOrEqual: "0.49.0", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "unknown", version: "next of 0.49.0", versionType: "custom", }, { lessThanOrEqual: "1.0.0", status: "affected", version: "unspecified", versionType: "custom", }, { lessThan: "unspecified", status: "unknown", version: "next of 1.0.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Mitch Hulscher", }, ], datePublic: "2021-10-21T00:00:00", descriptions: [ { lang: "en", value: "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-06T00:50:12", orgId: "a6081bf6-c852-4425-ad4f-a67919267565", shortName: 
"kubernetes", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/kubernetes/ingress-nginx/issues/7837", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20211203-0001/", }, ], source: { defect: [ "https://github.com/kubernetes/ingress-nginx/issues/7837", ], discovery: "EXTERNAL", }, title: "Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces", workarounds: [ { lang: "en", value: "This can be mitigated by disallowing snippet annotations on a supported version. Refer to https://github.com/kubernetes/ingress-nginx/issues/7837 for instructions.", }, ], x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@kubernetes.io", DATE_PUBLIC: "2021-10-21T16:15:00.000Z", ID: "CVE-2021-25742", STATE: "PUBLIC", TITLE: "Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Kubernetes ingress-nginx", version: { version_data: [ { version_affected: "<=", version_value: "0.49.0", }, { version_affected: ">?", version_value: "0.49.0", }, { version_affected: "<=", version_value: "1.0.0", }, { version_affected: ">?", version_value: "1.0.0", }, ], }, }, ], }, vendor_name: "Kubernetes", }, ], }, }, credit: [ { lang: "eng", value: "Mitch Hulscher", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: 
"NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20: Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY", refsource: "MISC", url: "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY", }, { name: "https://github.com/kubernetes/ingress-nginx/issues/7837", refsource: "MISC", url: "https://github.com/kubernetes/ingress-nginx/issues/7837", }, { name: "https://security.netapp.com/advisory/ntap-20211203-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20211203-0001/", }, ], }, source: { defect: [ "https://github.com/kubernetes/ingress-nginx/issues/7837", ], discovery: "EXTERNAL", }, work_around: [ { lang: "en", value: "This can be mitigated by disallowing snippet annotations on a supported version. Refer to https://github.com/kubernetes/ingress-nginx/issues/7837 for instructions.", }, ], }, }, }, cveMetadata: { assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565", assignerShortName: "kubernetes", cveId: "CVE-2021-25742", datePublished: "2021-10-29T04:05:10.713250Z", dateReserved: "2021-01-21T00:00:00", dateUpdated: "2024-09-16T23:06:12.392Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-25748
Vulnerability from cvelistv5
Published
2023-05-24 00:00
Modified
2025-01-16 21:23
Severity: 7.6 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)
EPSS score ?
Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Kubernetes | Kubernetes ingress-nginx |
Version: unspecified < 1.2.1 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:11:28.404Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8", }, { tags: [ "x_transferred", ], url: "https://github.com/kubernetes/ingress-nginx/issues/8686", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-25748", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-16T21:23:23.823577Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-16T21:23:39.341Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Kubernetes ingress-nginx", vendor: "Kubernetes", versions: [ { lessThan: "1.2.1", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Gafnit Amiga", }, ], datePublic: "2022-06-10T00:00:00", descriptions: [ { lang: "en", value: "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. 
In the default configuration, that credential has access to all secrets in the cluster.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-24T00:00:00", orgId: "a6081bf6-c852-4425-ad4f-a67919267565", shortName: "kubernetes", }, references: [ { url: "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8", }, { url: "https://github.com/kubernetes/ingress-nginx/issues/8686", }, ], source: { defect: [ "https://github.com/kubernetes/ingress-nginx/issues/8686", ], discovery: "EXTERNAL", }, title: "Ingress-nginx `path` sanitization can be bypassed with newline character", x_generator: { engine: "Vulnogram 0.0.9", }, }, }, cveMetadata: { assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565", assignerShortName: "kubernetes", cveId: "CVE-2021-25748", datePublished: "2023-05-24T00:00:00", dateReserved: "2021-01-21T00:00:00", dateUpdated: "2025-01-16T21:23:39.341Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7646
Vulnerability from cvelistv5
Published
2024-08-16 17:36
Modified
2024-08-19 18:28
Severity: 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score ?
Summary
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Kubernetes | ingress-nginx |
Version: 1.11.0 ≤ < 1.11.2 Version: 0 ≤ < 1.10.4 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-16T20:02:54.833Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2024/08/16/5", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ingress-nginx", vendor: "kubernetes", versions: [ { lessThan: "1.11.2", status: "affected", version: "1.11.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:kubernetes:ingress-nginx:1.11.2:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ingress-nginx", vendor: "kubernetes", versions: [ { status: "affected", version: "1.11.2", }, ], }, { cpes: [ "cpe:2.3:a:kubernetes:ingress-nginx:1.10.4:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ingress-nginx", vendor: "kubernetes", versions: [ { status: "affected", version: "1.10.4", }, ], }, { cpes: [ "cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ingress-nginx", vendor: "kubernetes", versions: [ { lessThan: "1.10.4", status: "affected", version: "0", versionType: "semver", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-7646", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-19T17:23:56.022443Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-19T18:28:09.677Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "ingress-nginx", vendor: "Kubernetes", versions: [ { lessThan: "1.11.2", status: "affected", version: "1.11.0", versionType: "semver", }, { status: "unaffected", version: "1.11.2", }, { status: "unaffected", version: "1.10.4", }, { lessThan: "1.10.4", status: "affected", version: "0", versionType: "semver", 
}, ], }, ], credits: [ { lang: "en", type: "finder", value: "André Storfjord Kristiansen", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.<br><br>", }, ], value: "A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.", }, ], impacts: [ { capecId: "CAPEC-242", descriptions: [ { lang: "en", value: "CAPEC-242 Code Injection", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-19T16:35:33.217Z", orgId: "a6081bf6-c852-4425-ad4f-a67919267565", shortName: "kubernetes", }, references: [ { tags: [ "issue-tracking", ], url: "https://github.com/kubernetes/kubernetes/issues/126744", }, { tags: [ "mailing-list", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/a1__cKjWkfA", }, { 
tags: [ "patch", ], url: "https://github.com/kubernetes/ingress-nginx/pull/11719", }, { tags: [ "patch", ], url: "https://github.com/kubernetes/ingress-nginx/pull/11721", }, ], source: { discovery: "EXTERNAL", }, x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565", assignerShortName: "kubernetes", cveId: "CVE-2024-7646", datePublished: "2024-08-16T17:36:53.783Z", dateReserved: "2024-08-09T14:23:20.118Z", dateUpdated: "2024-08-19T18:28:09.677Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-25746
Vulnerability from cvelistv5
Published
2022-05-06 00:50
Modified
2024-09-17 03:48
Severity: 7.6 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L)
EPSS score ?
Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
References
▼ | URL | Tags |
---|---|---|
https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ | x_refsource_MISC | |
https://github.com/kubernetes/ingress-nginx/issues/8503 | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20220609-0006/ | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Kubernetes | Kubernetes ingress-nginx |
Version: unspecified < 1.2.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T20:11:28.322Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/kubernetes/ingress-nginx/issues/8503", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20220609-0006/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Kubernetes ingress-nginx", vendor: "Kubernetes", versions: [ { lessThan: "1.2.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Anthony Weems", }, { lang: "en", value: "jeffrey&oliver", }, ], datePublic: "2022-04-22T00:00:00", descriptions: [ { lang: "en", value: "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. 
In the default configuration, that credential has access to all secrets in the cluster.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-06-09T18:06:17", orgId: "a6081bf6-c852-4425-ad4f-a67919267565", shortName: "kubernetes", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/kubernetes/ingress-nginx/issues/8503", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20220609-0006/", }, ], source: { defect: [ "https://github.com/kubernetes/ingress-nginx/issues/8503", ], discovery: "EXTERNAL", }, title: "Ingress-nginx directive injection via annotations", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@kubernetes.io", DATE_PUBLIC: "2022-04-22T16:30:00.000Z", ID: "CVE-2021-25746", STATE: "PUBLIC", TITLE: "Ingress-nginx directive injection via annotations", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Kubernetes ingress-nginx", version: { version_data: [ { version_affected: "<", version_value: "1.2.0", }, ], }, }, ], }, vendor_name: "Kubernetes", }, ], }, }, credit: [ { lang: "eng", value: "Anthony Weems", }, { lang: "eng", value: "jeffrey&oliver", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A security issue was discovered in ingress-nginx where 
a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-20: Improper Input Validation", }, ], }, ], }, references: { reference_data: [ { name: "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ", refsource: "MISC", url: "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ", }, { name: "https://github.com/kubernetes/ingress-nginx/issues/8503", refsource: "MISC", url: "https://github.com/kubernetes/ingress-nginx/issues/8503", }, { name: "https://security.netapp.com/advisory/ntap-20220609-0006/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20220609-0006/", }, ], }, source: { defect: [ "https://github.com/kubernetes/ingress-nginx/issues/8503", ], discovery: "EXTERNAL", }, }, }, }, cveMetadata: { assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565", assignerShortName: "kubernetes", cveId: "CVE-2021-25746", datePublished: "2022-05-06T00:50:15.541972Z", dateReserved: "2021-01-21T00:00:00", dateUpdated: "2024-09-17T03:48:11.881Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-1974
Vulnerability from cvelistv5
Published
2025-03-24 23:28
Modified
2025-03-27 03:55
Severity: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score ?
Summary
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
kubernetes | ingress-nginx |
Version: 0 ≤ 1.11.4 Version: 1.12.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-1974", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-26T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-27T03:55:19.309Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", modules: [ "Validating Admission Controller", ], product: "ingress-nginx", repo: "https://github.com/kubernetes/ingress-nginx", vendor: "kubernetes", versions: [ { lessThanOrEqual: "1.11.4", status: "affected", version: "0", versionType: "semver", }, { status: "affected", version: "1.12.0", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Nir Ohfeld", }, { lang: "en", type: "finder", value: "Ronen Shustin", }, { lang: "en", type: "finder", value: "Sagi Tzadik", }, { lang: "en", type: "finder", value: "Hillai Ben Sasson", }, ], datePublic: "2025-03-24T19:36:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", }, ], value: "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. 
(Note that in the default installation, the controller can access all Secrets cluster-wide.)", }, ], impacts: [ { capecId: "CAPEC-251", descriptions: [ { lang: "en", value: "CAPEC-251 Local Code Inclusion", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-653", description: "CWE-653 Improper Isolation or Compartmentalization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-24T23:28:48.985Z", orgId: "a6081bf6-c852-4425-ad4f-a67919267565", shortName: "kubernetes", }, references: [ { url: "https://https://github.com/kubernetes/kubernetes/issues/131009", }, ], source: { discovery: "EXTERNAL", }, title: "ingress-nginx admission controller RCE escalation", workarounds: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx.", }, ], value: "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx.", }, ], x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565", assignerShortName: "kubernetes", cveId: "CVE-2025-1974", datePublished: "2025-03-24T23:28:48.985Z", dateReserved: "2025-03-04T21:34:07.543Z", dateUpdated: "2025-03-27T03:55:19.309Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-1098
Vulnerability from cvelistv5
Published
2025-03-24 23:29
Modified
2025-03-27 03:55
Severity ?
EPSS score ?
Summary
A security issue was discovered in ingress-nginx (https://github.com/kubernetes/ingress-nginx) where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
References
▼ | URL | Tags |
---|---|---|
https://github.com/kubernetes/kubernetes/issues/131008 | |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
kubernetes | ingress-nginx |
Version: 0 ≤ 1.11.4 Version: 1.12.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-1098", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-26T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-27T03:55:16.707Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "ingress-nginx", repo: "https://github.com/kubernetes/ingress-nginx", vendor: "kubernetes", versions: [ { lessThanOrEqual: "1.11.4", status: "affected", version: "0", versionType: "semver", }, { status: "affected", version: "1.12.0", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Nir Ohfeld", }, { lang: "en", type: "finder", value: "Ronen Shustin", }, { lang: "en", type: "finder", value: "Sagi Tzadik", }, { lang: "en", type: "finder", value: "Hillai Ben Sasson", }, ], datePublic: "2025-03-24T19:36:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A security issue was discovered in <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/kubernetes/ingress-nginx\">ingress-nginx</a> where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", }, ], value: "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. 
This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", }, ], impacts: [ { capecId: "CAPEC-137", descriptions: [ { lang: "en", value: "CAPEC-137 Parameter Injection", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-24T23:29:15.610Z", orgId: "a6081bf6-c852-4425-ad4f-a67919267565", shortName: "kubernetes", }, references: [ { url: "https://github.com/kubernetes/kubernetes/issues/131008", }, ], source: { discovery: "EXTERNAL", }, title: "ingress-nginx controller - configuration injection via unsanitized mirror annotations", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565", assignerShortName: "kubernetes", cveId: "CVE-2025-1098", datePublished: "2025-03-24T23:29:15.610Z", dateReserved: "2025-02-07T00:11:53.927Z", dateUpdated: "2025-03-27T03:55:16.707Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-5044
Vulnerability from cvelistv5
Published
2023-10-25 19:19
Modified
2025-02-13 17:19
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
EPSS score ?
Summary
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
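References
▼ | URL | Tags |
---|---|---|
https://github.com/kubernetes/ingress-nginx/issues/10572 | issue-tracking |
https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0 | mailing-list |
http://www.openwall.com/lists/oss-security/2023/10/25/3 | |
https://security.netapp.com/advisory/ntap-20240307-0012/ | |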
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Kubernetes | ingress-nginx |
Version: 0 ≤ version < 1.9.0 (status of 1.9.0: unknown) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:44:53.684Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "issue-tracking", "x_transferred", ], url: "https://github.com/kubernetes/ingress-nginx/issues/10572", }, { tags: [ "mailing-list", "x_transferred", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/25/3", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240307-0012/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-5044", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T14:43:17.311875Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T14:44:10.215Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "ingress-nginx", repo: "https://github.com/kubernetes/ingress-nginx", vendor: "Kubernetes", versions: [ { lessThan: "1.9.0", status: "affected", version: "0", versionType: "semver", }, { status: "unknown", version: "1.9.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", user: "00000000-0000-4000-9000-000000000000", value: "Jan-Otto Kröpke (Cloudeteer GmbH)", }, ], datePublic: "2023-10-25T16:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.<br>", }, ], value: "Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.", }, ], impacts: [ { capecId: "CAPEC-233", descriptions: [ { lang: "en", value: "CAPEC-233 Privilege Escalation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", 
attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-07T17:06:12.054Z", orgId: "a6081bf6-c852-4425-ad4f-a67919267565", shortName: "kubernetes", }, references: [ { tags: [ "issue-tracking", ], url: "https://github.com/kubernetes/ingress-nginx/issues/10572", }, { tags: [ "mailing-list", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0", }, { url: "http://www.openwall.com/lists/oss-security/2023/10/25/3", }, { url: "https://security.netapp.com/advisory/ntap-20240307-0012/", }, ], source: { discovery: "EXTERNAL", }, title: "Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565", assignerShortName: "kubernetes", cveId: "CVE-2023-5044", datePublished: "2023-10-25T19:19:08.139Z", dateReserved: "2023-09-18T13:11:51.554Z", dateUpdated: "2025-02-13T17:19:27.214Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24513
Vulnerability from cvelistv5
Published
2025-03-24 23:29
Modified
2025-03-25 13:39
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
EPSS score ?
Summary
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.
References
▼ | URL | Tags |
---|---|---|
https://github.com/kubernetes/kubernetes/issues/131005 | |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
kubernetes | ingress-nginx |
Version: 0 ≤ 1.11.4 Version: 1.12.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24513", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-25T13:39:36.149148Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-25T13:39:50.057Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "ingress-nginx", repo: "https://github.com/kubernetes/ingress-nginx", vendor: "kubernetes", versions: [ { lessThanOrEqual: "1.11.4", status: "affected", version: "0", versionType: "semver", }, { status: "affected", version: "1.12.0", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Nir Ohfeld", }, { lang: "en", type: "finder", value: "Ronen Shustin", }, ], datePublic: "2025-03-24T19:36:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A security issue was discovered in <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/kubernetes/ingress-nginx\">ingress-nginx</a> where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.", }, ], value: "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. 
This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.", }, ], impacts: [ { capecId: "CAPEC-126", descriptions: [ { lang: "en", value: "CAPEC-126 Path Traversal", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-24T23:29:25.215Z", orgId: "a6081bf6-c852-4425-ad4f-a67919267565", shortName: "kubernetes", }, references: [ { url: "https://github.com/kubernetes/kubernetes/issues/131005", }, ], source: { discovery: "EXTERNAL", }, title: "ingress-nginx controller - auth secret file path traversal vulnerability", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565", assignerShortName: "kubernetes", cveId: "CVE-2025-24513", datePublished: "2025-03-24T23:29:25.215Z", dateReserved: "2025-01-23T00:50:17.928Z", dateUpdated: "2025-03-25T13:39:50.057Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-8553
Vulnerability from cvelistv5
Published
2020-07-29 14:53
Modified
2024-08-04 10:03
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS score ?
Summary
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.
References
▼ | URL | Tags |
---|---|---|
https://github.com/kubernetes/ingress-nginx/issues/5126 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Kubernetes | ingress-nginx |
Version: unspecified < 0.28.0 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T10:03:46.369Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/kubernetes/ingress-nginx/issues/5126", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "ingress-nginx", vendor: "Kubernetes", versions: [ { lessThan: "0.28.0", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Alex Orange", }, ], descriptions: [ { lang: "en", value: "The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-73", description: "CWE-73 External Control of File Name or Path", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2020-07-29T14:53:32", orgId: "a6081bf6-c852-4425-ad4f-a67919267565", shortName: "kubernetes", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/kubernetes/ingress-nginx/issues/5126", }, ], source: { defect: [ "https://github.com/kubernetes/ingress-nginx/issues/5126", ], discovery: "USER", }, title: "Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names", x_generator: { engine: "Vulnogram 0.0.9", }, x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@kubernetes.io", 
ID: "CVE-2020-8553", STATE: "PUBLIC", TITLE: "Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ingress-nginx", version: { version_data: [ { version_affected: "<", version_value: "0.28.0", }, ], }, }, ], }, vendor_name: "Kubernetes", }, ], }, }, credit: [ { lang: "eng", value: "Alex Orange", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.", }, ], }, generator: { engine: "Vulnogram 0.0.9", }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "CWE-73 External Control of File Name or Path", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/kubernetes/ingress-nginx/issues/5126", refsource: "CONFIRM", url: "https://github.com/kubernetes/ingress-nginx/issues/5126", }, ], }, source: { defect: [ "https://github.com/kubernetes/ingress-nginx/issues/5126", ], discovery: "USER", }, }, }, }, cveMetadata: { assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565", assignerShortName: "kubernetes", cveId: "CVE-2020-8553", datePublished: "2020-07-29T14:53:32", dateReserved: "2020-02-03T00:00:00", dateUpdated: "2024-08-04T10:03:46.369Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: 
"5.1", }
cve-2023-5043
Vulnerability from cvelistv5
Published
2023-10-25 19:18
Modified
2025-02-13 17:19
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
EPSS score ?
Summary
Ingress nginx annotation injection causes arbitrary command execution.
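References
▼ | URL | Tags |
---|---|---|
https://github.com/kubernetes/ingress-nginx/issues/10571 | issue-tracking |
https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo | mailing-list |
http://www.openwall.com/lists/oss-security/2023/10/25/4 | |
https://security.netapp.com/advisory/ntap-20240307-0012/ | |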
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Kubernetes | ingress-nginx |
Version: 0 ≤ version < 1.9.0 (status of 1.9.0: unknown) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T07:44:53.863Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "issue-tracking", "x_transferred", ], url: "https://github.com/kubernetes/ingress-nginx/issues/10571", }, { tags: [ "mailing-list", "x_transferred", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/25/4", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240307-0012/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "ingress-nginx", repo: "https://github.com/kubernetes/ingress-nginx", vendor: "Kubernetes", versions: [ { lessThan: "1.9.0", status: "affected", version: "0", versionType: "semver", }, { status: "unknown", version: "1.9.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", user: "00000000-0000-4000-9000-000000000000", value: "suanve", }, ], datePublic: "2023-10-25T16:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Ingress nginx annotation injection causes arbitrary command execution.<br>", }, ], value: "Ingress nginx annotation injection causes arbitrary command execution.", }, ], impacts: [ { capecId: "CAPEC-233", descriptions: [ { lang: "en", value: "CAPEC-233 Privilege Escalation", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", 
lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-07T17:06:13.687Z", orgId: "a6081bf6-c852-4425-ad4f-a67919267565", shortName: "kubernetes", }, references: [ { tags: [ "issue-tracking", ], url: "https://github.com/kubernetes/ingress-nginx/issues/10571", }, { tags: [ "mailing-list", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo", }, { url: "http://www.openwall.com/lists/oss-security/2023/10/25/4", }, { url: "https://security.netapp.com/advisory/ntap-20240307-0012/", }, ], source: { discovery: "EXTERNAL", }, title: "Ingress nginx annotation injection causes arbitrary command execution", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565", assignerShortName: "kubernetes", cveId: "CVE-2023-5043", datePublished: "2023-10-25T19:18:57.704Z", dateReserved: "2023-09-18T13:11:42.508Z", dateUpdated: "2025-02-13T17:19:26.664Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-4886
Vulnerability from cvelistv5
Published
2023-10-25 19:18
Modified
2025-02-13 16:34
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
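References
▼ | URL | Tags |
---|---|---|
https://github.com/kubernetes/ingress-nginx/issues/10570 | issue-tracking |
https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI | mailing-list |
http://www.openwall.com/lists/oss-security/2023/10/25/5 | |
https://security.netapp.com/advisory/ntap-20240307-0013/ | |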
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
Kubernetes | ingress-nginx |
Version: 0 ≤ version < 1.8.0 (status of 1.8.0: unknown) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T01:55:46.045Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "issue-tracking", "x_transferred", ], url: "https://github.com/kubernetes/ingress-nginx/issues/10570", }, { tags: [ "mailing-list", "x_transferred", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/25/5", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20240307-0013/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2022-4886", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-03-07T18:53:58.938732Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-12-03T14:38:33.211Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unknown", product: "ingress-nginx", repo: "https://github.com/kubernetes/ingress-nginx", vendor: "Kubernetes", versions: [ { lessThan: "1.8.0", status: "affected", version: "0", versionType: "semver", }, { status: "unknown", version: "1.8.0", }, ], }, ], credits: [ { lang: "en", type: "reporter", user: "00000000-0000-4000-9000-000000000000", value: "Ginoah, working with the DEVCORE Internship Program", }, ], datePublic: "2023-10-25T16:30:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.<br>", }, ], value: "Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.", }, ], impacts: [ { capecId: "CAPEC-233", descriptions: [ { lang: "en", value: "CAPEC-233 Privilege Escalation", }, ], }, ], metrics: [ { cvssV3_1: { 
attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-03-07T17:06:56.111Z", orgId: "a6081bf6-c852-4425-ad4f-a67919267565", shortName: "kubernetes", }, references: [ { tags: [ "issue-tracking", ], url: "https://github.com/kubernetes/ingress-nginx/issues/10570", }, { tags: [ "mailing-list", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI", }, { url: "http://www.openwall.com/lists/oss-security/2023/10/25/5", }, { url: "https://security.netapp.com/advisory/ntap-20240307-0013/", }, ], source: { discovery: "EXTERNAL", }, title: "Ingress-nginx `path` sanitization can be bypassed with `log_format` directive", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565", assignerShortName: "kubernetes", cveId: "CVE-2022-4886", datePublished: "2023-10-25T19:18:45.982Z", dateReserved: "2023-01-12T01:32:05.452Z", dateUpdated: "2025-02-13T16:34:04.600Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-1097
Vulnerability from cvelistv5
Published
2025-03-24 23:29
Modified
2025-03-27 03:55
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
References
▼ | URL | Tags |
---|---|---|
https://github.com/kubernetes/kubernetes/issues/131007 | |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
kubernetes | ingress-nginx |
Version: 0 ≤ 1.11.4 Version: 1.12.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-1097", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-26T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-27T03:55:13.954Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "ingress-nginx", repo: "https://github.com/kubernetes/ingress-nginx", vendor: "kubernetes", versions: [ { lessThanOrEqual: "1.11.4", status: "affected", version: "0", versionType: "semver", }, { status: "affected", version: "1.12.0", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Nir Ohfeld", }, { lang: "en", type: "finder", value: "Ronen Shustin", }, { lang: "en", type: "finder", value: "Sagi Tzadik", }, { lang: "en", type: "finder", value: "Hillai Ben Sasson", }, ], datePublic: "2025-03-24T19:36:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A security issue was discovered in <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/kubernetes/ingress-nginx\">ingress-nginx</a> where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", }, ], value: "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. 
(Note that in the default installation, the controller can access all Secrets cluster-wide.)", }, ], impacts: [ { capecId: "CAPEC-137", descriptions: [ { lang: "en", value: "CAPEC-137 Parameter Injection", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-24T23:29:05.879Z", orgId: "a6081bf6-c852-4425-ad4f-a67919267565", shortName: "kubernetes", }, references: [ { url: "https://github.com/kubernetes/kubernetes/issues/131007", }, ], source: { discovery: "EXTERNAL", }, title: "ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565", assignerShortName: "kubernetes", cveId: "CVE-2025-1097", datePublished: "2025-03-24T23:29:05.879Z", dateReserved: "2025-02-07T00:11:49.551Z", dateUpdated: "2025-03-27T03:55:13.954Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2025-24514
Vulnerability from cvelistv5
Published
2025-03-24 23:29
Modified
2025-03-27 03:55
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS score ?
Summary
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
References
▼ | URL | Tags |
---|---|---|
https://github.com/kubernetes/kubernetes/issues/131006 | |
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
kubernetes | ingress-nginx |
Version: 0 ≤ 1.11.4 Version: 1.12.0 |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2025-24514", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-26T00:00:00+00:00", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-27T03:55:17.986Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "ingress-nginx", repo: "https://github.com/kubernetes/ingress-nginx", vendor: "kubernetes", versions: [ { lessThanOrEqual: "1.11.4", status: "affected", version: "0", versionType: "semver", }, { status: "affected", version: "1.12.0", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Nir Ohfeld", }, { lang: "en", type: "finder", value: "Ronen Shustin", }, { lang: "en", type: "finder", value: "Sagi Tzadik", }, ], datePublic: "2025-03-24T19:36:00.000Z", descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A security issue was discovered in <a target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/kubernetes/ingress-nginx\">ingress-nginx</a> where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)", }, ], value: "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. 
(Note that in the default installation, the controller can access all Secrets cluster-wide.)", }, ], impacts: [ { capecId: "CAPEC-137", descriptions: [ { lang: "en", value: "CAPEC-137 Parameter Injection", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20 Improper Input Validation", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-24T23:29:36.802Z", orgId: "a6081bf6-c852-4425-ad4f-a67919267565", shortName: "kubernetes", }, references: [ { url: "https://github.com/kubernetes/kubernetes/issues/131006", }, ], source: { discovery: "EXTERNAL", }, title: "ingress-nginx controller - configuration injection via unsanitized auth-url annotation", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "a6081bf6-c852-4425-ad4f-a67919267565", assignerShortName: "kubernetes", cveId: "CVE-2025-24514", datePublished: "2025-03-24T23:29:36.802Z", dateReserved: "2025-01-23T00:50:17.929Z", dateUpdated: "2025-03-27T03:55:17.986Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd (CVE-2021-25746)
Published
2022-05-06 01:15
Modified
2024-11-21 05:55
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
References
▼ | URL | Tags | |
---|---|---|---|
jordan@liggitt.net | https://github.com/kubernetes/ingress-nginx/issues/8503 | Issue Tracking, Mitigation, Third Party Advisory | |
jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ | Issue Tracking, Mitigation, Third Party Advisory | |
jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20220609-0006/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/ingress-nginx/issues/8503 | Issue Tracking, Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ | Issue Tracking, Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220609-0006/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kubernetes | ingress-nginx | * (versions before 1.2.0) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", matchCriteriaId: "7DD01B7D-743B-41AF-9D8F-D8C6038E6BD0", versionEndExcluding: "1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.", }, { lang: "es", value: "Se ha detectado un problema de seguridad en ingress-nginx en el que un usuario que puede crear o actualizar objetos ingress puede usar .metadata.annotations en un objeto Ingress (en el grupo networking.k8s.io o extensions API) para obtener las credenciales del controlador ingress-nginx. En la configuración por defecto, esa credencial presenta acceso a todos los secretos del clúster", }, ], id: "CVE-2021-25746", lastModified: "2024-11-21T05:55:20.250", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "jordan@liggitt.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-06T01:15:09.180", references: [ { source: "jordan@liggitt.net", tags: [ "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://github.com/kubernetes/ingress-nginx/issues/8503", }, { source: "jordan@liggitt.net", tags: [ "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ", }, { source: "jordan@liggitt.net", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://github.com/kubernetes/ingress-nginx/issues/8503", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0006/", }, ], sourceIdentifier: "jordan@liggitt.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "jordan@liggitt.net", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd (CVE-2020-8553)
Published
2020-07-29 15:15
Modified
2024-11-21 05:39
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.
References
▼ | URL | Tags | |
---|---|---|---|
jordan@liggitt.net | https://github.com/kubernetes/ingress-nginx/issues/5126 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/ingress-nginx/issues/5126 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kubernetes | ingress-nginx | * (versions before 0.28.0) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", matchCriteriaId: "60159025-3CB0-40E3-B960-4479582F192F", versionEndExcluding: "0.28.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.", }, { lang: "es", value: "El componente Kubernetes ingress-nginx anterior a la versión 0.28.0, permite a un usuario crear espacios de nombres y leer y crear objetos de ingreso para sobrescribir el archivo de contraseña de otro ingreso que usa nginx.ingress.kubernetes.io/auth-type: básico y que tiene un espacio de nombres con guiones o un nombre secreto", }, ], id: "CVE-2020-8553", lastModified: "2024-11-21T05:39:01.253", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4.9, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 6.8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.2, 
source: "jordan@liggitt.net", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 0.7, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-07-29T15:15:13.450", references: [ { source: "jordan@liggitt.net", tags: [ "Third Party Advisory", ], url: "https://github.com/kubernetes/ingress-nginx/issues/5126", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/kubernetes/ingress-nginx/issues/5126", }, ], sourceIdentifier: "jordan@liggitt.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-73", }, ], source: "jordan@liggitt.net", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-610", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd (CVE-2021-25748)
Published
2023-05-24 17:15
Modified
2024-11-21 05:55
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
References
▼ | URL | Tags | |
---|---|---|---|
jordan@liggitt.net | https://github.com/kubernetes/ingress-nginx/issues/8686 | Issue Tracking, Mitigation, Vendor Advisory | |
jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8 | Mailing List, Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/ingress-nginx/issues/8686 | Issue Tracking, Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8 | Mailing List, Mitigation, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kubernetes | ingress-nginx | * (versions before 1.2.1) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", matchCriteriaId: "E43BDC85-F198-4126-B487-21F6C3667561", versionEndExcluding: "1.2.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.", }, ], id: "CVE-2021-25748", lastModified: "2024-11-21T05:55:20.377", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "jordan@liggitt.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-05-24T17:15:09.253", references: [ { source: "jordan@liggitt.net", tags: [ "Issue Tracking", "Mitigation", "Vendor Advisory", ], url: "https://github.com/kubernetes/ingress-nginx/issues/8686", }, { source: "jordan@liggitt.net", tags: [ "Mailing List", "Mitigation", 
"Vendor Advisory", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Vendor Advisory", ], url: "https://github.com/kubernetes/ingress-nginx/issues/8686", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", "Vendor Advisory", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8", }, ], sourceIdentifier: "jordan@liggitt.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "jordan@liggitt.net", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd (CVE-2021-25742)
Published
2021-10-29 04:15
Modified
2024-11-21 05:55
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
References
▼ | URL | Tags | |
---|---|---|---|
jordan@liggitt.net | https://github.com/kubernetes/ingress-nginx/issues/7837 | Exploit, Issue Tracking, Mitigation, Third Party Advisory | |
jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY | Mailing List, Mitigation, Third Party Advisory | |
jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20211203-0001/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/ingress-nginx/issues/7837 | Exploit, Issue Tracking, Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY | Mailing List, Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20211203-0001/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kubernetes | ingress-nginx | * (versions before 0.49.1) | |
kubernetes | ingress-nginx | 1.0.0 | |
netapp | trident | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", matchCriteriaId: "CEC0CA26-0429-4DD1-904B-5C7637C42704", versionEndExcluding: "0.49.1", vulnerable: true, }, { criteria: "cpe:2.3:a:kubernetes:ingress-nginx:1.0.0:*:*:*:*:*:*:*", matchCriteriaId: "8DA09AFA-48CD-4A55-9C15-A96249C704D0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*", matchCriteriaId: "5D9A34F5-AC03-4098-A37D-AD50727DDB11", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.", }, { lang: "es", value: "Se ha detectado un problema de seguridad en ingress-nginx donde un usuario que puede crear o actualizar objetos de entrada puede usar la función de fragmentos personalizados para obtener todos los secretos del clúster", }, ], id: "CVE-2021-25742", lastModified: "2024-11-21T05:55:19.853", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "jordan@liggitt.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2021-10-29T04:15:08.220", references: [ { source: "jordan@liggitt.net", tags: [ "Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://github.com/kubernetes/ingress-nginx/issues/7837", }, { source: "jordan@liggitt.net", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY", }, { source: "jordan@liggitt.net", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211203-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://github.com/kubernetes/ingress-nginx/issues/7837", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", "Third Party Advisory", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20211203-0001/", }, ], sourceIdentifier: "jordan@liggitt.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "jordan@liggitt.net", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd (CVE-2023-5043)
Published
2023-10-25 20:15
Modified
2025-02-13 18:15
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Ingress nginx annotation injection causes arbitrary command execution.
References
▼ | URL | Tags | |
---|---|---|---|
jordan@liggitt.net | http://www.openwall.com/lists/oss-security/2023/10/25/4 | Mailing List, Third Party Advisory | |
jordan@liggitt.net | https://github.com/kubernetes/ingress-nginx/issues/10571 | Issue Tracking, Mitigation, Vendor Advisory | |
jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo | Mailing List, Mitigation | |
jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20240307-0012/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/10/25/4 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/ingress-nginx/issues/10571 | Issue Tracking, Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo | Mailing List, Mitigation | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240307-0012/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kubernetes | ingress-nginx | * (versions before 1.9.0) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", matchCriteriaId: "B1FAA6D4-954E-4E5F-AB9A-61E1A3F9CD9B", versionEndExcluding: "1.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ingress nginx annotation injection causes arbitrary command execution.", }, { lang: "es", value: "La inyección de anotaciones de Ingress nginx provoca la ejecución de comandos arbitrarios.", }, ], id: "CVE-2023-5043", lastModified: "2025-02-13T18:15:54.603", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "jordan@liggitt.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-25T20:15:18.037", references: [ { source: "jordan@liggitt.net", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/25/4", }, { source: "jordan@liggitt.net", tags: [ "Issue Tracking", "Mitigation", "Vendor Advisory", ], url: "https://github.com/kubernetes/ingress-nginx/issues/10571", }, { source: "jordan@liggitt.net", tags: [ "Mailing List", "Mitigation", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo", }, { source: 
"jordan@liggitt.net", url: "https://security.netapp.com/advisory/ntap-20240307-0012/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/25/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Vendor Advisory", ], url: "https://github.com/kubernetes/ingress-nginx/issues/10571", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240307-0012/", }, ], sourceIdentifier: "jordan@liggitt.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "jordan@liggitt.net", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-74", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd (CVE-2021-25745)
Published
2022-05-06 01:15
Modified
2024-11-21 05:55
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
References
▼ | URL | Tags | |
---|---|---|---|
jordan@liggitt.net | https://github.com/kubernetes/ingress-nginx/issues/8502 | Issue Tracking, Mitigation, Third Party Advisory | |
jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc | Issue Tracking, Mailing List, Mitigation, Third Party Advisory | |
jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20220609-0006/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/ingress-nginx/issues/8502 | Issue Tracking, Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc | Issue Tracking, Mailing List, Mitigation, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220609-0006/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kubernetes | ingress-nginx | * (versions before 1.2.0) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", matchCriteriaId: "7DD01B7D-743B-41AF-9D8F-D8C6038E6BD0", versionEndExcluding: "1.2.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.", }, { lang: "es", value: "Se ha detectado un problema de seguridad en ingress-nginx en el que un usuario que puede crear o actualizar objetos ingress puede usar el campo spec.rules[].http.paths[].path de un objeto Ingress (en el grupo networking.k8s.io o extensions API) para obtener las credenciales del controlador ingress-nginx. 
En la configuración por defecto, esa credencial presenta acceso a todos los secretos del clúster", }, ], id: "CVE-2021-25745", lastModified: "2024-11-21T05:55:20.110", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "jordan@liggitt.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-05-06T01:15:09.047", references: [ { source: "jordan@liggitt.net", tags: [ "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://github.com/kubernetes/ingress-nginx/issues/8502", }, { source: "jordan@liggitt.net", tags: [ "Issue Tracking", "Mailing List", "Mitigation", "Third Party Advisory", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc", 
}, { source: "jordan@liggitt.net", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0006/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://github.com/kubernetes/ingress-nginx/issues/8502", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mailing List", "Mitigation", "Third Party Advisory", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20220609-0006/", }, ], sourceIdentifier: "jordan@liggitt.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "jordan@liggitt.net", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd (CVE-2022-4886)
Published
2023-10-25 20:15
Modified
2025-02-13 17:15
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
References
▼ | URL | Tags | |
---|---|---|---|
jordan@liggitt.net | http://www.openwall.com/lists/oss-security/2023/10/25/5 | Mailing List, Third Party Advisory | |
jordan@liggitt.net | https://github.com/kubernetes/ingress-nginx/issues/10570 | Mitigation, Vendor Advisory | |
jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI | Mailing List, Mitigation | |
jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20240307-0013/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/10/25/5 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/ingress-nginx/issues/10570 | Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI | Mailing List, Mitigation | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240307-0013/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kubernetes | ingress-nginx | * (versions before 1.8.0) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", matchCriteriaId: "54E2DB85-1B0E-44DC-928F-28B1E1B74728", versionEndExcluding: "1.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.", }, { lang: "es", value: "La sanitización del parámetro `path` de Ingress-nginx se puede omitir con la directiva `log_format`.", }, ], id: "CVE-2022-4886", lastModified: "2025-02-13T17:15:51.100", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "jordan@liggitt.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-25T20:15:09.790", references: [ { source: "jordan@liggitt.net", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/25/5", }, { source: "jordan@liggitt.net", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://github.com/kubernetes/ingress-nginx/issues/10570", }, { source: "jordan@liggitt.net", tags: [ "Mailing List", "Mitigation", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI", }, { 
source: "jordan@liggitt.net", url: "https://security.netapp.com/advisory/ntap-20240307-0013/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/25/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://github.com/kubernetes/ingress-nginx/issues/10570", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240307-0013/", }, ], sourceIdentifier: "jordan@liggitt.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "jordan@liggitt.net", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-25 20:15
Modified
2025-02-13 18:15
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
References
▼ | URL | Tags | |
---|---|---|---|
jordan@liggitt.net | http://www.openwall.com/lists/oss-security/2023/10/25/3 | Mailing List, Third Party Advisory | |
jordan@liggitt.net | https://github.com/kubernetes/ingress-nginx/issues/10572 | Issue Tracking, Mitigation, Vendor Advisory | |
jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0 | Mailing List, Mitigation | |
jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20240307-0012/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/10/25/3 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/ingress-nginx/issues/10572 | Issue Tracking, Mitigation, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0 | Mailing List, Mitigation | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240307-0012/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
kubernetes | ingress-nginx | * (up to, excluding 1.9.0) |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", matchCriteriaId: "B1FAA6D4-954E-4E5F-AB9A-61E1A3F9CD9B", versionEndExcluding: "1.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.", }, { lang: "es", value: "Inyección de código a través de la anotación nginx.ingress.kubernetes.io/permanent-redirect.", }, ], id: "CVE-2023-5044", lastModified: "2025-02-13T18:15:54.743", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 7.6, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 4.7, source: "jordan@liggitt.net", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-25T20:15:18.187", references: [ { source: "jordan@liggitt.net", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/25/3", }, { source: "jordan@liggitt.net", tags: [ "Issue Tracking", "Mitigation", "Vendor Advisory", ], url: "https://github.com/kubernetes/ingress-nginx/issues/10572", }, { source: "jordan@liggitt.net", tags: [ "Mailing List", "Mitigation", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0", }, { 
source: "jordan@liggitt.net", url: "https://security.netapp.com/advisory/ntap-20240307-0012/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/25/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Vendor Advisory", ], url: "https://github.com/kubernetes/ingress-nginx/issues/10572", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Mitigation", ], url: "https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20240307-0012/", }, ], sourceIdentifier: "jordan@liggitt.net", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "jordan@liggitt.net", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-94", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }