CVE-2021-25748
published 2023-05-24CVE-2021-25748: A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization…
PriorityP337medium6.5CVSS 3.1
AVNACLPRLUINSUCHINAN
EPSS
0.69%
48.3th percentile
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| k8s.io | ingress-nginx | >= 0 < 1.2.1 | 1.2.1 |
| kubernetes | ingress-nginx | < 1.2.1 | 1.2.1 |
| kubernetes | kubernetes_ingress-nginx | >= unspecified < 1.2.1 | 1.2.1 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Ingress-nginx `path` sanitization can be bypassed with newline character
ghsa·2023-05-24
CVE-2021-25748 [MEDIUM] CWE-20 Ingress-nginx `path` sanitization can be bypassed with newline character
Ingress-nginx `path` sanitization can be bypassed with newline character
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
OSV
Ingress-nginx `path` sanitization can be bypassed with newline character
osv·2023-05-24
CVE-2021-25748 [MEDIUM] Ingress-nginx `path` sanitization can be bypassed with newline character
Ingress-nginx `path` sanitization can be bypassed with newline character
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
No detection rules found.
No public exploits indexed.
2023-05-24
Published