Ingress-nginx `path` sanitization can be bypassed with newline character
CVE-2021-25748

7.6HIGH

Key Information:

Vendor: Kubernetes
Status: Kubernetes Ingress-nginx
Vendor: CVE Published:; 24 May 2023

Summary

A security vulnerability has been identified in ingress-nginx that allows an authenticated user to exploit newline characters in the spec.rules[].http.paths[].path field of an Ingress object. This manipulation can circumvent existing sanitization measures, enabling the unauthorized retrieval of the ingress-nginx controller's credentials, which by default possess access to all secrets within the Kubernetes cluster. This flaw poses a significant risk as it could lead to unauthorized access to sensitive information and requires immediate attention to mitigate potential exploitation.

Affected Version(s)

Kubernetes ingress-nginx < 1.2.1

References

https://groups.google.com/g/kubernetes-security-announce/...

https://github.com/kubernetes/ingress-nginx/issues/8686

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 24, 2023
Vulnerability Reserved
Jan 21, 2021

Credit

Gafnit Amiga