Veracode Vulnerability Database: VERACODE:44017

Improper Access Control

Published: Oct 27, 2023, 06:41:16
Source: Veracode Vulnerability Database (sca.analysiscenter.veracode.com)
Affected component: github.com/kubernetes/ingress-nginx
Tags: improper access control, ingress object, controller credentials, security vulnerability

CVSS3: 8.8 High
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

AI Score: 7 High (confidence: High)
EPSS: 0.001 Low (percentile: 45.4%)

github.com/kubernetes/ingress-nginx is vulnerable to Improper Access Control. The vulnerability exists because the controller does not adequately validate path types. Consequently, an attacker who is able to create or update Ingress objects can use directives to bypass the sanitization of the spec.rules[].http.paths[].path field of an Ingress object in the networking.k8s.io or extensions API group. This may allow the attacker to obtain the credentials of the ingress-nginx controller, which in the default configuration grant access to all secrets in the cluster.
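As an added illustration of the kind of validation this entry calls for (example code, not from ingress-nginx or Veracode): a Go function in the style of a validating admission check that refuses Ingress path values which are not plain absolute URL paths, so that nothing resembling configuration syntax can reach the generated proxy configuration. The IngressSpec, Rule and HTTPPath types are simplified stand-ins for the real Kubernetes API types.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"unicode"
)

// Simplified stand-ins for the Ingress fields the advisory names
// (spec.rules[].http.paths[].path and pathType); not the real API types.
type HTTPPath struct {
	Path     string
	PathType string // "Exact", "Prefix" or "ImplementationSpecific"
}
type Rule struct{ Paths []HTTPPath }
type IngressSpec struct{ Rules []Rule }

// Exact and Prefix paths must be plain absolute URL paths. The allowlist is
// deliberately narrower than RFC 3986 so that no whitespace or configuration
// syntax can ride along into the generated location block.
var strictPath = regexp.MustCompile(`^/[A-Za-z0-9._~%/-]*$`)

// ValidateIngressPaths returns one finding per offending path and an empty
// slice when the spec is acceptable, as an admission check would report it.
func ValidateIngressPaths(spec IngressSpec) []string {
	var findings []string
	for ri, rule := range spec.Rules {
		for pi, p := range rule.Paths {
			where := fmt.Sprintf("spec.rules[%d].http.paths[%d].path", ri, pi)
			switch p.PathType {
			case "Exact", "Prefix":
				if !strictPath.MatchString(p.Path) {
					findings = append(findings, where+": not a plain absolute URL path")
				}
			case "ImplementationSpecific":
				// Regex paths cannot be allowlisted the same way; at minimum
				// refuse whitespace and control characters.
				bad := func(r rune) bool { return unicode.IsSpace(r) || unicode.IsControl(r) }
				if strings.IndexFunc(p.Path, bad) >= 0 {
					findings = append(findings, where+": contains whitespace or control characters")
				}
			default:
				findings = append(findings, fmt.Sprintf("%s: unknown pathType %q", where, p.PathType))
			}
		}
	}
	return findings
}
```

Wiring this into a validating admission webhook (or a policy engine rule with the same logic) rejects the object before the controller ever renders it; treat any rejection as a signal worth logging, since it names the namespace and object that attempted the write.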
