KubernetesCVELIST:CVE-2021-25748CVE-2021-25748 Ingress-nginx `path` sanitization can be bypassed with newline character
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
7.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
22.8%
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
CNA Affected
[
{
"vendor": "Kubernetes",
"product": "Kubernetes ingress-nginx",
"versions": [
{
"version": "unspecified",
"lessThan": "1.2.1",
"status": "affected",
"versionType": "custom"
}
]
}
]Related
7.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
7.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
22.8%