4 matches found
CVE-2020-8553
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace ...
Security Bulletin: IBM Cloud Private is vulnerable to a Kubernetes vulnerability (CVE-2020-8553)
Summary IBM Cloud Private is vulnerable to a Kubernetes vulnerability Vulnerability Details CVEID: CVE-2020-8553 DESCRIPTION: Kubernetes ingress-nginx could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when the annotation...
CVE-2020-8553
Summary: The Kubernetes ingress-nginx controller prior to 0.28.0 is vulnerable when a user can create namespaces and read/write ingress objects. They can overwrite the password file of another ingress that uses basic auth (nginx.ingress.kubernetes.io/auth-type: basic) if the target ingress has a ...
CVE-2020-8553 Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace ...