Search criteria
28 vulnerabilities found for ingress-nginx by kubernetes
CVE-2025-24514 (GCVE-0-2025-24514)
Vulnerability from nvd – Published: 2025-03-24 23:29 – Updated: 2025-11-03 21:12
VLAI?
Title
ingress-nginx controller - configuration injection via unsanitized auth-url annotation
Summary
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Severity ?
8.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kubernetes | ingress-nginx |
Affected:
0 , ≤ 1.11.4
(semver)
Affected: 1.12.0 |
Credits
Nir Ohfeld
Ronen Shustin
Sagi Tzadik
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24514",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T03:55:17.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:12:44.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"lessThanOrEqual": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.12.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Ohfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Ronen Shustin"
},
{
"lang": "en",
"type": "finder",
"value": "Sagi Tzadik"
}
],
"datePublic": "2025-03-24T19:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/kubernetes/ingress-nginx\"\u003eingress-nginx\u003c/a\u003e where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"value": "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T23:29:36.802Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/131006"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ingress-nginx controller - configuration injection via unsanitized auth-url annotation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2025-24514",
"datePublished": "2025-03-24T23:29:36.802Z",
"dateReserved": "2025-01-23T00:50:17.929Z",
"dateUpdated": "2025-11-03T21:12:44.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24513 (GCVE-0-2025-24513)
Vulnerability from nvd – Published: 2025-03-24 23:29 – Updated: 2025-11-03 21:12
VLAI?
Title
ingress-nginx controller - auth secret file path traversal vulnerability
Summary
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.
Severity ?
4.8 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kubernetes | ingress-nginx |
Affected:
0 , ≤ 1.11.4
(semver)
Affected: 1.12.0 |
Credits
Nir Ohfeld
Ronen Shustin
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T13:39:36.149148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T13:39:50.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:12:43.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"lessThanOrEqual": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.12.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Ohfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Ronen Shustin"
}
],
"datePublic": "2025-03-24T19:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/kubernetes/ingress-nginx\"\u003eingress-nginx\u003c/a\u003e where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster."
}
],
"value": "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T23:29:25.215Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/131005"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ingress-nginx controller - auth secret file path traversal vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2025-24513",
"datePublished": "2025-03-24T23:29:25.215Z",
"dateReserved": "2025-01-23T00:50:17.928Z",
"dateUpdated": "2025-11-03T21:12:43.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1974 (GCVE-0-2025-1974)
Vulnerability from nvd – Published: 2025-03-24 23:28 – Updated: 2025-11-10 17:23
VLAI?
Title
ingress-nginx admission controller RCE escalation
Summary
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Severity ?
9.8 (Critical)
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kubernetes | ingress-nginx |
Affected:
0 , ≤ 1.11.4
(semver)
Affected: 1.12.0 |
Credits
Nir Ohfeld
Ronen Shustin
Sagi Tzadik
Hillai Ben Sasson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1974",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T03:55:19.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-10T17:23:37.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0008/"
},
{
"url": "https://github.com/B1ack4sh/Blackash-CVE-2025-1974"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Validating Admission Controller"
],
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"lessThanOrEqual": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.12.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Ohfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Ronen Shustin"
},
{
"lang": "en",
"type": "finder",
"value": "Sagi Tzadik"
},
{
"lang": "en",
"type": "finder",
"value": "Hillai Ben Sasson"
}
],
"datePublic": "2025-03-24T19:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"impacts": [
{
"capecId": "CAPEC-251",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-251 Local Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653 Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T23:28:48.985Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://https://github.com/kubernetes/kubernetes/issues/131009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ingress-nginx admission controller RCE escalation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx."
}
],
"value": "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2025-1974",
"datePublished": "2025-03-24T23:28:48.985Z",
"dateReserved": "2025-03-04T21:34:07.543Z",
"dateUpdated": "2025-11-10T17:23:37.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1098 (GCVE-0-2025-1098)
Vulnerability from nvd – Published: 2025-03-24 23:29 – Updated: 2025-11-03 20:57
VLAI?
Title
ingress-nginx controller - configuration injection via unsanitized mirror annotations
Summary
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Severity ?
8.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kubernetes | ingress-nginx |
Affected:
0 , ≤ 1.11.4
(semver)
Affected: 1.12.0 |
Credits
Nir Ohfeld
Ronen Shustin
Sagi Tzadik
Hillai Ben Sasson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T03:55:16.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:57:03.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"lessThanOrEqual": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.12.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Ohfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Ronen Shustin"
},
{
"lang": "en",
"type": "finder",
"value": "Sagi Tzadik"
},
{
"lang": "en",
"type": "finder",
"value": "Hillai Ben Sasson"
}
],
"datePublic": "2025-03-24T19:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/kubernetes/ingress-nginx\"\u003eingress-nginx\u003c/a\u003e where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"value": "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T23:29:15.610Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/131008"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ingress-nginx controller - configuration injection via unsanitized mirror annotations",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2025-1098",
"datePublished": "2025-03-24T23:29:15.610Z",
"dateReserved": "2025-02-07T00:11:53.927Z",
"dateUpdated": "2025-11-03T20:57:03.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1097 (GCVE-0-2025-1097)
Vulnerability from nvd – Published: 2025-03-24 23:29 – Updated: 2025-11-03 20:57
VLAI?
Title
ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
Summary
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Severity ?
8.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kubernetes | ingress-nginx |
Affected:
0 , ≤ 1.11.4
(semver)
Affected: 1.12.0 |
Credits
Nir Ohfeld
Ronen Shustin
Sagi Tzadik
Hillai Ben Sasson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1097",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T03:55:13.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:57:02.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"lessThanOrEqual": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.12.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Ohfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Ronen Shustin"
},
{
"lang": "en",
"type": "finder",
"value": "Sagi Tzadik"
},
{
"lang": "en",
"type": "finder",
"value": "Hillai Ben Sasson"
}
],
"datePublic": "2025-03-24T19:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/kubernetes/ingress-nginx\"\u003eingress-nginx\u003c/a\u003e where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"value": "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T23:29:05.879Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/131007"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2025-1097",
"datePublished": "2025-03-24T23:29:05.879Z",
"dateReserved": "2025-02-07T00:11:49.551Z",
"dateUpdated": "2025-11-03T20:57:02.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7646 (GCVE-0-2024-7646)
Vulnerability from nvd – Published: 2024-08-16 17:36 – Updated: 2024-08-19 18:28
VLAI?
Summary
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Severity ?
8.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | ingress-nginx |
Affected:
1.11.0 , < 1.11.2
(semver)
Unaffected: 1.11.2 Unaffected: 1.10.4 Affected: 0 , < 1.10.4 (semver) |
Credits
André Storfjord Kristiansen
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-16T20:02:54.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/16/5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "1.11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:kubernetes:ingress-nginx:1.11.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"status": "affected",
"version": "1.11.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:kubernetes:ingress-nginx:1.10.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"status": "affected",
"version": "1.10.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"lessThan": "1.10.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T17:23:56.022443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T18:28:09.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "1.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "1.11.2"
},
{
"status": "unaffected",
"version": "1.10.4"
},
{
"lessThan": "1.10.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andr\u00e9 Storfjord Kristiansen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T16:35:33.217Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/126744"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/a1__cKjWkfA"
},
{
"tags": [
"patch"
],
"url": "https://github.com/kubernetes/ingress-nginx/pull/11719"
},
{
"tags": [
"patch"
],
"url": "https://github.com/kubernetes/ingress-nginx/pull/11721"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2024-7646",
"datePublished": "2024-08-16T17:36:53.783Z",
"dateReserved": "2024-08-09T14:23:20.118Z",
"dateUpdated": "2024-08-19T18:28:09.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5044 (GCVE-0-2023-5044)
Vulnerability from nvd – Published: 2023-10-25 19:19 – Updated: 2025-06-12 14:53
VLAI?
Title
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
Summary
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
Severity ?
7.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | ingress-nginx |
Affected:
0 , < 1.9.0
(semver)
Unknown: 1.9.0 |
Credits
Jan-Otto Kröpke (Cloudeteer GmbH)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/10572"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240307-0012/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T14:53:07.514025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T14:53:17.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unknown",
"version": "1.9.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jan-Otto Kr\u00f6pke (Cloudeteer GmbH)"
}
],
"datePublic": "2023-10-25T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.\u003cbr\u003e"
}
],
"value": "Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-07T17:06:12.054Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/10572"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240307-0012/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2023-5044",
"datePublished": "2023-10-25T19:19:08.139Z",
"dateReserved": "2023-09-18T13:11:51.554Z",
"dateUpdated": "2025-06-12T14:53:17.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5043 (GCVE-0-2023-5043)
Vulnerability from nvd – Published: 2023-10-25 19:18 – Updated: 2025-02-13 17:19
VLAI?
Title
Ingress nginx annotation injection causes arbitrary command execution
Summary
Ingress nginx annotation injection causes arbitrary command execution.
Severity ?
7.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | ingress-nginx |
Affected:
0 , < 1.9.0
(semver)
Unknown: 1.9.0 |
Credits
suanve
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/10571"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240307-0012/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unknown",
"version": "1.9.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "suanve"
}
],
"datePublic": "2023-10-25T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ingress nginx annotation injection causes arbitrary command execution.\u003cbr\u003e"
}
],
"value": "Ingress nginx annotation injection causes arbitrary command execution."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-07T17:06:13.687Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/10571"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/4"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240307-0012/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ingress nginx annotation injection causes arbitrary command execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2023-5043",
"datePublished": "2023-10-25T19:18:57.704Z",
"dateReserved": "2023-09-18T13:11:42.508Z",
"dateUpdated": "2025-02-13T17:19:26.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4886 (GCVE-0-2022-4886)
Vulnerability from nvd – Published: 2023-10-25 19:18 – Updated: 2025-02-13 16:34
VLAI?
Title
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive
Summary
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
Severity ?
8.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | ingress-nginx |
Affected:
0 , < 1.8.0
(semver)
Unknown: 1.8.0 |
Credits
Ginoah, working with the DEVCORE Internship Program
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:55:46.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/10570"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240307-0013/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T18:53:58.938732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:38:33.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "1.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unknown",
"version": "1.8.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ginoah, working with the DEVCORE Internship Program"
}
],
"datePublic": "2023-10-25T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.\u003cbr\u003e"
}
],
"value": "Ingress-nginx `path` sanitization can be bypassed with `log_format` directive."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-07T17:06:56.111Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/10570"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/5"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240307-0013/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ingress-nginx `path` sanitization can be bypassed with `log_format` directive",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2022-4886",
"datePublished": "2023-10-25T19:18:45.982Z",
"dateReserved": "2023-01-12T01:32:05.452Z",
"dateUpdated": "2025-02-13T16:34:04.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25748 (GCVE-0-2021-25748)
Vulnerability from nvd – Published: 2023-05-24 00:00 – Updated: 2025-01-16 21:23
VLAI?
Title
Ingress-nginx `path` sanitization can be bypassed with newline character
Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Severity ?
7.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | Kubernetes ingress-nginx |
Affected:
unspecified , < 1.2.1
(custom)
|
Credits
Gafnit Amiga
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/8686"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:23:23.823577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:23:39.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "1.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Gafnit Amiga"
}
],
"datePublic": "2022-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-24T00:00:00",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8"
},
{
"url": "https://github.com/kubernetes/ingress-nginx/issues/8686"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/8686"
],
"discovery": "EXTERNAL"
},
"title": "Ingress-nginx `path` sanitization can be bypassed with newline character",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25748",
"datePublished": "2023-05-24T00:00:00",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2025-01-16T21:23:39.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25746 (GCVE-0-2021-25746)
Vulnerability from nvd – Published: 2022-05-06 00:50 – Updated: 2024-09-17 03:48
VLAI?
Title
Ingress-nginx directive injection via annotations
Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Severity ?
7.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | Kubernetes ingress-nginx |
Affected:
unspecified , < 1.2.0
(custom)
|
Credits
Anthony Weems
jeffrey&oliver
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/8503"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anthony Weems"
},
{
"lang": "en",
"value": "jeffrey\u0026oliver"
}
],
"datePublic": "2022-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T18:06:17",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/8503"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0006/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/8503"
],
"discovery": "EXTERNAL"
},
"title": "Ingress-nginx directive injection via annotations",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2022-04-22T16:30:00.000Z",
"ID": "CVE-2021-25746",
"STATE": "PUBLIC",
"TITLE": "Ingress-nginx directive injection via annotations"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes ingress-nginx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Anthony Weems"
},
{
"lang": "eng",
"value": "jeffrey\u0026oliver"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ"
},
{
"name": "https://github.com/kubernetes/ingress-nginx/issues/8503",
"refsource": "MISC",
"url": "https://github.com/kubernetes/ingress-nginx/issues/8503"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220609-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220609-0006/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/8503"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25746",
"datePublished": "2022-05-06T00:50:15.541972Z",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-09-17T03:48:11.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25745 (GCVE-0-2021-25745)
Vulnerability from nvd – Published: 2022-05-06 00:50 – Updated: 2024-09-16 18:24
VLAI?
Title
Ingress-nginx path can be pointed to service account token file
Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Severity ?
7.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | Kubernetes ingress-nginx |
Affected:
unspecified , < 1.2.0
(custom)
|
Credits
Gafnit Amiga
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/8502"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Gafnit Amiga"
}
],
"datePublic": "2022-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T18:06:16",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/8502"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0006/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/8502"
],
"discovery": "EXTERNAL"
},
"title": "Ingress-nginx path can be pointed to service account token file",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2022-04-22T16:30:00.000Z",
"ID": "CVE-2021-25745",
"STATE": "PUBLIC",
"TITLE": "Ingress-nginx path can be pointed to service account token file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes ingress-nginx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Gafnit Amiga"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc"
},
{
"name": "https://github.com/kubernetes/ingress-nginx/issues/8502",
"refsource": "MISC",
"url": "https://github.com/kubernetes/ingress-nginx/issues/8502"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220609-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220609-0006/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/8502"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25745",
"datePublished": "2022-05-06T00:50:14.042796Z",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-09-16T18:24:11.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25742 (GCVE-0-2021-25742)
Vulnerability from nvd – Published: 2021-10-29 04:05 – Updated: 2024-09-16 23:06
VLAI?
Title
Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Severity ?
7.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | Kubernetes ingress-nginx |
Affected:
unspecified , ≤ 0.49.0
(custom)
Unknown: next of 0.49.0 , < unspecified (custom) Affected: unspecified , ≤ 1.0.0 (custom) Unknown: next of 1.0.0 , < unspecified (custom) |
Credits
Mitch Hulscher
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/7837"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211203-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "0.49.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 0.49.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mitch Hulscher"
}
],
"datePublic": "2021-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T00:50:12",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/7837"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211203-0001/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/7837"
],
"discovery": "EXTERNAL"
},
"title": "Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces",
"workarounds": [
{
"lang": "en",
"value": "This can be mitigated by disallowing snippet annotations on a supported version. Refer to https://github.com/kubernetes/ingress-nginx/issues/7837 for instructions."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2021-10-21T16:15:00.000Z",
"ID": "CVE-2021-25742",
"STATE": "PUBLIC",
"TITLE": "Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes ingress-nginx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "0.49.0"
},
{
"version_affected": "\u003e?",
"version_value": "0.49.0"
},
{
"version_affected": "\u003c=",
"version_value": "1.0.0"
},
{
"version_affected": "\u003e?",
"version_value": "1.0.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mitch Hulscher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY"
},
{
"name": "https://github.com/kubernetes/ingress-nginx/issues/7837",
"refsource": "MISC",
"url": "https://github.com/kubernetes/ingress-nginx/issues/7837"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211203-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211203-0001/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/7837"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "This can be mitigated by disallowing snippet annotations on a supported version. Refer to https://github.com/kubernetes/ingress-nginx/issues/7837 for instructions."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25742",
"datePublished": "2021-10-29T04:05:10.713250Z",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-09-16T23:06:12.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8553 (GCVE-0-2020-8553)
Vulnerability from nvd – Published: 2020-07-29 14:53 – Updated: 2024-08-04 10:03
VLAI?
Title
Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names
Summary
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.
Severity ?
5.9 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | ingress-nginx |
Affected:
unspecified , < 0.28.0
(custom)
|
Credits
Alex Orange
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/5126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "0.28.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alex Orange"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-29T14:53:32",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/5126"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/5126"
],
"discovery": "USER"
},
"title": "Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"ID": "CVE-2020-8553",
"STATE": "PUBLIC",
"TITLE": "Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ingress-nginx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.28.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alex Orange"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-73 External Control of File Name or Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/ingress-nginx/issues/5126",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/ingress-nginx/issues/5126"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/5126"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8553",
"datePublished": "2020-07-29T14:53:32",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-24514 (GCVE-0-2025-24514)
Vulnerability from cvelistv5 – Published: 2025-03-24 23:29 – Updated: 2025-11-03 21:12
VLAI?
Title
ingress-nginx controller - configuration injection via unsanitized auth-url annotation
Summary
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Severity ?
8.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kubernetes | ingress-nginx |
Affected:
0 , ≤ 1.11.4
(semver)
Affected: 1.12.0 |
Credits
Nir Ohfeld
Ronen Shustin
Sagi Tzadik
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24514",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T03:55:17.986Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:12:44.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"lessThanOrEqual": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.12.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Ohfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Ronen Shustin"
},
{
"lang": "en",
"type": "finder",
"value": "Sagi Tzadik"
}
],
"datePublic": "2025-03-24T19:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/kubernetes/ingress-nginx\"\u003eingress-nginx\u003c/a\u003e where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"value": "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T23:29:36.802Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/131006"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ingress-nginx controller - configuration injection via unsanitized auth-url annotation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2025-24514",
"datePublished": "2025-03-24T23:29:36.802Z",
"dateReserved": "2025-01-23T00:50:17.929Z",
"dateUpdated": "2025-11-03T21:12:44.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24513 (GCVE-0-2025-24513)
Vulnerability from cvelistv5 – Published: 2025-03-24 23:29 – Updated: 2025-11-03 21:12
VLAI?
Title
ingress-nginx controller - auth secret file path traversal vulnerability
Summary
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.
Severity ?
4.8 (Medium)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kubernetes | ingress-nginx |
Affected:
0 , ≤ 1.11.4
(semver)
Affected: 1.12.0 |
Credits
Nir Ohfeld
Ronen Shustin
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24513",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-25T13:39:36.149148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T13:39:50.057Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:12:43.390Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"lessThanOrEqual": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.12.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Ohfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Ronen Shustin"
}
],
"datePublic": "2025-03-24T19:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/kubernetes/ingress-nginx\"\u003eingress-nginx\u003c/a\u003e where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster."
}
],
"value": "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T23:29:25.215Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/131005"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ingress-nginx controller - auth secret file path traversal vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2025-24513",
"datePublished": "2025-03-24T23:29:25.215Z",
"dateReserved": "2025-01-23T00:50:17.928Z",
"dateUpdated": "2025-11-03T21:12:43.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1098 (GCVE-0-2025-1098)
Vulnerability from cvelistv5 – Published: 2025-03-24 23:29 – Updated: 2025-11-03 20:57
VLAI?
Title
ingress-nginx controller - configuration injection via unsanitized mirror annotations
Summary
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Severity ?
8.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kubernetes | ingress-nginx |
Affected:
0 , ≤ 1.11.4
(semver)
Affected: 1.12.0 |
Credits
Nir Ohfeld
Ronen Shustin
Sagi Tzadik
Hillai Ben Sasson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1098",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T03:55:16.707Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:57:03.818Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"lessThanOrEqual": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.12.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Ohfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Ronen Shustin"
},
{
"lang": "en",
"type": "finder",
"value": "Sagi Tzadik"
},
{
"lang": "en",
"type": "finder",
"value": "Hillai Ben Sasson"
}
],
"datePublic": "2025-03-24T19:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/kubernetes/ingress-nginx\"\u003eingress-nginx\u003c/a\u003e where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"value": "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T23:29:15.610Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/131008"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ingress-nginx controller - configuration injection via unsanitized mirror annotations",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2025-1098",
"datePublished": "2025-03-24T23:29:15.610Z",
"dateReserved": "2025-02-07T00:11:53.927Z",
"dateUpdated": "2025-11-03T20:57:03.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1097 (GCVE-0-2025-1097)
Vulnerability from cvelistv5 – Published: 2025-03-24 23:29 – Updated: 2025-11-03 20:57
VLAI?
Title
ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
Summary
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Severity ?
8.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kubernetes | ingress-nginx |
Affected:
0 , ≤ 1.11.4
(semver)
Affected: 1.12.0 |
Credits
Nir Ohfeld
Ronen Shustin
Sagi Tzadik
Hillai Ben Sasson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1097",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T03:55:13.954Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:57:02.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"lessThanOrEqual": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.12.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Ohfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Ronen Shustin"
},
{
"lang": "en",
"type": "finder",
"value": "Sagi Tzadik"
},
{
"lang": "en",
"type": "finder",
"value": "Hillai Ben Sasson"
}
],
"datePublic": "2025-03-24T19:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/kubernetes/ingress-nginx\"\u003eingress-nginx\u003c/a\u003e where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"value": "A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137 Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T23:29:05.879Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/131007"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2025-1097",
"datePublished": "2025-03-24T23:29:05.879Z",
"dateReserved": "2025-02-07T00:11:49.551Z",
"dateUpdated": "2025-11-03T20:57:02.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-1974 (GCVE-0-2025-1974)
Vulnerability from cvelistv5 – Published: 2025-03-24 23:28 – Updated: 2025-11-10 17:23
VLAI?
Title
ingress-nginx admission controller RCE escalation
Summary
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Severity ?
9.8 (Critical)
CWE
- CWE-653 - Improper Isolation or Compartmentalization
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kubernetes | ingress-nginx |
Affected:
0 , ≤ 1.11.4
(semver)
Affected: 1.12.0 |
Credits
Nir Ohfeld
Ronen Shustin
Sagi Tzadik
Hillai Ben Sasson
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1974",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-26T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T03:55:19.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-10T17:23:37.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0008/"
},
{
"url": "https://github.com/B1ack4sh/Blackash-CVE-2025-1974"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Validating Admission Controller"
],
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"lessThanOrEqual": "1.11.4",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "1.12.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Nir Ohfeld"
},
{
"lang": "en",
"type": "finder",
"value": "Ronen Shustin"
},
{
"lang": "en",
"type": "finder",
"value": "Sagi Tzadik"
},
{
"lang": "en",
"type": "finder",
"value": "Hillai Ben Sasson"
}
],
"datePublic": "2025-03-24T19:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"value": "A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)"
}
],
"impacts": [
{
"capecId": "CAPEC-251",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-251 Local Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-653",
"description": "CWE-653 Improper Isolation or Compartmentalization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-24T23:28:48.985Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://https://github.com/kubernetes/kubernetes/issues/131009"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ingress-nginx admission controller RCE escalation",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx."
}
],
"value": "Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2025-1974",
"datePublished": "2025-03-24T23:28:48.985Z",
"dateReserved": "2025-03-04T21:34:07.543Z",
"dateUpdated": "2025-11-10T17:23:37.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7646 (GCVE-0-2024-7646)
Vulnerability from cvelistv5 – Published: 2024-08-16 17:36 – Updated: 2024-08-19 18:28
VLAI?
Summary
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Severity ?
8.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | ingress-nginx |
Affected:
1.11.0 , < 1.11.2
(semver)
Unaffected: 1.11.2 Unaffected: 1.10.4 Affected: 0 , < 1.10.4 (semver) |
Credits
André Storfjord Kristiansen
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-16T20:02:54.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/08/16/5"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "1.11.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:kubernetes:ingress-nginx:1.11.2:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"status": "affected",
"version": "1.11.2"
}
]
},
{
"cpes": [
"cpe:2.3:a:kubernetes:ingress-nginx:1.10.4:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"status": "affected",
"version": "1.10.4"
}
]
},
{
"cpes": [
"cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ingress-nginx",
"vendor": "kubernetes",
"versions": [
{
"lessThan": "1.10.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7646",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T17:23:56.022443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T18:28:09.677Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "1.11.2",
"status": "affected",
"version": "1.11.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "1.11.2"
},
{
"status": "unaffected",
"version": "1.10.4"
},
{
"lessThan": "1.10.4",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Andr\u00e9 Storfjord Kristiansen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T16:35:33.217Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/126744"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/a1__cKjWkfA"
},
{
"tags": [
"patch"
],
"url": "https://github.com/kubernetes/ingress-nginx/pull/11719"
},
{
"tags": [
"patch"
],
"url": "https://github.com/kubernetes/ingress-nginx/pull/11721"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2024-7646",
"datePublished": "2024-08-16T17:36:53.783Z",
"dateReserved": "2024-08-09T14:23:20.118Z",
"dateUpdated": "2024-08-19T18:28:09.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5044 (GCVE-0-2023-5044)
Vulnerability from cvelistv5 – Published: 2023-10-25 19:19 – Updated: 2025-06-12 14:53
VLAI?
Title
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
Summary
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
Severity ?
7.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | ingress-nginx |
Affected:
0 , < 1.9.0
(semver)
Unknown: 1.9.0 |
Credits
Jan-Otto Kröpke (Cloudeteer GmbH)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.684Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/10572"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240307-0012/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5044",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-12T14:53:07.514025Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-12T14:53:17.540Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unknown",
"version": "1.9.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jan-Otto Kr\u00f6pke (Cloudeteer GmbH)"
}
],
"datePublic": "2023-10-25T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.\u003cbr\u003e"
}
],
"value": "Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-07T17:06:12.054Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/10572"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240307-0012/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2023-5044",
"datePublished": "2023-10-25T19:19:08.139Z",
"dateReserved": "2023-09-18T13:11:51.554Z",
"dateUpdated": "2025-06-12T14:53:17.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5043 (GCVE-0-2023-5043)
Vulnerability from cvelistv5 – Published: 2023-10-25 19:18 – Updated: 2025-02-13 17:19
VLAI?
Title
Ingress nginx annotation injection causes arbitrary command execution
Summary
Ingress nginx annotation injection causes arbitrary command execution.
Severity ?
7.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | ingress-nginx |
Affected:
0 , < 1.9.0
(semver)
Unknown: 1.9.0 |
Credits
suanve
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/10571"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/4"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240307-0012/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "1.9.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unknown",
"version": "1.9.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "suanve"
}
],
"datePublic": "2023-10-25T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ingress nginx annotation injection causes arbitrary command execution.\u003cbr\u003e"
}
],
"value": "Ingress nginx annotation injection causes arbitrary command execution."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-07T17:06:13.687Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/10571"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/4"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240307-0012/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ingress nginx annotation injection causes arbitrary command execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2023-5043",
"datePublished": "2023-10-25T19:18:57.704Z",
"dateReserved": "2023-09-18T13:11:42.508Z",
"dateUpdated": "2025-02-13T17:19:26.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4886 (GCVE-0-2022-4886)
Vulnerability from cvelistv5 – Published: 2023-10-25 19:18 – Updated: 2025-02-13 16:34
VLAI?
Title
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive
Summary
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.
Severity ?
8.8 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | ingress-nginx |
Affected:
0 , < 1.8.0
(semver)
Unknown: 1.8.0 |
Credits
Ginoah, working with the DEVCORE Internship Program
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:55:46.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/10570"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/5"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240307-0013/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T18:53:58.938732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T14:38:33.211Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "ingress-nginx",
"repo": "https://github.com/kubernetes/ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "1.8.0",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unknown",
"version": "1.8.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ginoah, working with the DEVCORE Internship Program"
}
],
"datePublic": "2023-10-25T16:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ingress-nginx `path` sanitization can be bypassed with `log_format` directive.\u003cbr\u003e"
}
],
"value": "Ingress-nginx `path` sanitization can be bypassed with `log_format` directive."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-07T17:06:56.111Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/10570"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/25/5"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240307-0013/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Ingress-nginx `path` sanitization can be bypassed with `log_format` directive",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2022-4886",
"datePublished": "2023-10-25T19:18:45.982Z",
"dateReserved": "2023-01-12T01:32:05.452Z",
"dateUpdated": "2025-02-13T16:34:04.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25748 (GCVE-0-2021-25748)
Vulnerability from cvelistv5 – Published: 2023-05-24 00:00 – Updated: 2025-01-16 21:23
VLAI?
Title
Ingress-nginx `path` sanitization can be bypassed with newline character
Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Severity ?
7.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | Kubernetes ingress-nginx |
Affected:
unspecified , < 1.2.1
(custom)
|
Credits
Gafnit Amiga
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/8686"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-16T21:23:23.823577Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-16T21:23:39.341Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "1.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Gafnit Amiga"
}
],
"datePublic": "2022-06-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-24T00:00:00",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8"
},
{
"url": "https://github.com/kubernetes/ingress-nginx/issues/8686"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/8686"
],
"discovery": "EXTERNAL"
},
"title": "Ingress-nginx `path` sanitization can be bypassed with newline character",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25748",
"datePublished": "2023-05-24T00:00:00",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2025-01-16T21:23:39.341Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25746 (GCVE-0-2021-25746)
Vulnerability from cvelistv5 – Published: 2022-05-06 00:50 – Updated: 2024-09-17 03:48
VLAI?
Title
Ingress-nginx directive injection via annotations
Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Severity ?
7.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | Kubernetes ingress-nginx |
Affected:
unspecified , < 1.2.0
(custom)
|
Credits
Anthony Weems
jeffrey&oliver
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.322Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/8503"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anthony Weems"
},
{
"lang": "en",
"value": "jeffrey\u0026oliver"
}
],
"datePublic": "2022-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T18:06:17",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/8503"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0006/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/8503"
],
"discovery": "EXTERNAL"
},
"title": "Ingress-nginx directive injection via annotations",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2022-04-22T16:30:00.000Z",
"ID": "CVE-2021-25746",
"STATE": "PUBLIC",
"TITLE": "Ingress-nginx directive injection via annotations"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes ingress-nginx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Anthony Weems"
},
{
"lang": "eng",
"value": "jeffrey\u0026oliver"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ"
},
{
"name": "https://github.com/kubernetes/ingress-nginx/issues/8503",
"refsource": "MISC",
"url": "https://github.com/kubernetes/ingress-nginx/issues/8503"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220609-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220609-0006/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/8503"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25746",
"datePublished": "2022-05-06T00:50:15.541972Z",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-09-17T03:48:11.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25745 (GCVE-0-2021-25745)
Vulnerability from cvelistv5 – Published: 2022-05-06 00:50 – Updated: 2024-09-16 18:24
VLAI?
Title
Ingress-nginx path can be pointed to service account token file
Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Severity ?
7.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | Kubernetes ingress-nginx |
Affected:
unspecified , < 1.2.0
(custom)
|
Credits
Gafnit Amiga
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/8502"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "1.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Gafnit Amiga"
}
],
"datePublic": "2022-04-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T18:06:16",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/8502"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220609-0006/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/8502"
],
"discovery": "EXTERNAL"
},
"title": "Ingress-nginx path can be pointed to service account token file",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2022-04-22T16:30:00.000Z",
"ID": "CVE-2021-25745",
"STATE": "PUBLIC",
"TITLE": "Ingress-nginx path can be pointed to service account token file"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes ingress-nginx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Gafnit Amiga"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlc"
},
{
"name": "https://github.com/kubernetes/ingress-nginx/issues/8502",
"refsource": "MISC",
"url": "https://github.com/kubernetes/ingress-nginx/issues/8502"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220609-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220609-0006/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/8502"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25745",
"datePublished": "2022-05-06T00:50:14.042796Z",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-09-16T18:24:11.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25742 (GCVE-0-2021-25742)
Vulnerability from cvelistv5 – Published: 2021-10-29 04:05 – Updated: 2024-09-16 23:06
VLAI?
Title
Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Severity ?
7.6 (High)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | Kubernetes ingress-nginx |
Affected:
unspecified , ≤ 0.49.0
(custom)
Unknown: next of 0.49.0 , < unspecified (custom) Affected: unspecified , ≤ 1.0.0 (custom) Unknown: next of 1.0.0 , < unspecified (custom) |
Credits
Mitch Hulscher
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/7837"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211203-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "0.49.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 0.49.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.0.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mitch Hulscher"
}
],
"datePublic": "2021-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-06T00:50:12",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/7837"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211203-0001/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/7837"
],
"discovery": "EXTERNAL"
},
"title": "Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces",
"workarounds": [
{
"lang": "en",
"value": "This can be mitigated by disallowing snippet annotations on a supported version. Refer to https://github.com/kubernetes/ingress-nginx/issues/7837 for instructions."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2021-10-21T16:15:00.000Z",
"ID": "CVE-2021-25742",
"STATE": "PUBLIC",
"TITLE": "Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes ingress-nginx",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "0.49.0"
},
{
"version_affected": "\u003e?",
"version_value": "0.49.0"
},
{
"version_affected": "\u003c=",
"version_value": "1.0.0"
},
{
"version_affected": "\u003e?",
"version_value": "1.0.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mitch Hulscher"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY"
},
{
"name": "https://github.com/kubernetes/ingress-nginx/issues/7837",
"refsource": "MISC",
"url": "https://github.com/kubernetes/ingress-nginx/issues/7837"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211203-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211203-0001/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/7837"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "This can be mitigated by disallowing snippet annotations on a supported version. Refer to https://github.com/kubernetes/ingress-nginx/issues/7837 for instructions."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25742",
"datePublished": "2021-10-29T04:05:10.713250Z",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-09-16T23:06:12.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8553 (GCVE-0-2020-8553)
Vulnerability from cvelistv5 – Published: 2020-07-29 14:53 – Updated: 2024-08-04 10:03
VLAI?
Title
Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names
Summary
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.
Severity ?
5.9 (Medium)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kubernetes | ingress-nginx |
Affected:
unspecified , < 0.28.0
(custom)
|
Credits
Alex Orange
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/5126"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ingress-nginx",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "0.28.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alex Orange"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-29T14:53:32",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/ingress-nginx/issues/5126"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/5126"
],
"discovery": "USER"
},
"title": "Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"ID": "CVE-2020-8553",
"STATE": "PUBLIC",
"TITLE": "Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ingress-nginx",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.28.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alex Orange"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-73 External Control of File Name or Path"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/ingress-nginx/issues/5126",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/ingress-nginx/issues/5126"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/ingress-nginx/issues/5126"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8553",
"datePublished": "2020-07-29T14:53:32",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}