CVE-2021-25745Improper Input Validation in Kubernetes Ingress-nginx

CWE-20Improper Input ValidationCWE-73External Control of File Name or Path5 documents5 sources
Severity
8.1HIGHNVD
CNA7.6
EPSS
0.4%
top 42.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Kubernetes Ingress-nginxK8s.io Ingress-nginxKubernetes Ingress-nginx
Timeline
PublishedMay 6
Latest updateMay 7

Description

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages3 packages

CVEListV5kubernetes/kubernetes_ingress-nginxunspecified1.2.0

🔴Vulnerability Details

3
GHSA
Improper Input Validation in k8s.io/ingress-nginx2022-05-07
OSV
Improper Input Validation in k8s.io/ingress-nginx2022-05-07
CVEList
Ingress-nginx path can be pointed to service account token file2022-05-06

📋Vendor Advisories

1
Red Hat
k8s.io/ingress-nginx: 'path' can be pointed to service account token file2022-04-22
CVE-2021-25745 — Improper Input Validation | cvebase