Lucene search

9 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-12630

Malware in sbrugna...

CVSS 7.6, AI score 7.1, EPSS 0.00578
Exploits 0, References 6
OSV
added 2024/03/06 10:58 a.m., 30 views

BIT-NGINX-INGRESS-CONTROLLER-2021-25748 Ingress-nginx `path` sanitization can be bypassed with newline character

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of...

CVSS 7.6, AI score 6.6, EPSS 0.00111
Exploits 0, References 3
Veracode
added 2023/10/27 6:41 a.m., 21 views

Improper Access Control

github.com/kubernetes/ingress-nginx is vulnerable to Improper Access Control. The vulnerability exists because the library does not adequately validate path types. Consequently, an attacker with the ability to create or update ingress objects can utilize directives to evade the sanitization of th...

CVSS 8.8, AI score 7, EPSS 0.00232
Exploits 0, References 6, Affected Software 1
Hacker One
added 2023/06/26 11:46 p.m., 31 views

Kubernetes: Code inject via nginx.ingress.kubernetes.io/permanent-redirect annotation

The nginx.ingress.kubernetes.io/permanent-redirect annotation was not properly sanitized when passed into the nginx configuration, allowing code injection from users able to create ingress objects. This allowed commands to be run on the ingress-nginx-controller pod and the Kubernetes API to be...

CVSS 8.8, AI score 8.3, EPSS 0.10611
Exploits 2
Github Security Blog
added 2023/05/24 6:30 p.m., 27 views

Ingress-nginx `path` sanitization can be bypassed with newline character

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of...

CVSS 7.6, AI score 6.7, EPSS 0.00111
Exploits 0, References 6, Affected Software 1
OSV
added 2022/05/07 12:0 a.m., 18 views

GHSA-PVMG-XGMX-9MXH Improper Input Validation in k8s.io/ingress-nginx

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...

CVSS 8.1, AI score 7.8, EPSS 0.00357
Exploits 0, References 5
GitLab Advisory Database
added 2022/05/07 12:0 a.m., 25 views

Improper Input Validation

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules.http.paths.path field of an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default...

CVSS 8.1, AI score 1.8, EPSS 0.00357
Exploits 0, References 4, Affected Software 1
Cvelist
added 2022/05/06 12:50 a.m., 16 views

CVE-2021-25746 Ingress-nginx directive injection via annotations

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object in the networking.k8s.io or extensions API group to obtain the credentials of the ingress-nginx controller. In the default configuration, that...

CVSS 7.6, AI score 7.6, EPSS 0.00578
Exploits 0, References 3
RedHat Linux
added 2020/06/17 8:23 p.m., 4 views

Important: Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix and enhancement update

Red Hat OpenShift Container Platform release 3.11.232 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clou...

CVSS 8.8, AI score 6.3, EPSS 0.00427
Exploits 0, References 16