Ingress-nginx `path` sanitization can be bypassed with `log_format` directive
CVE-2022-4886

6.5MEDIUM

Key Information:

Vendor: Kubernetes
Status: Ingress-nginx
Vendor: CVE Published:; 25 October 2023

Summary

The Ingress-nginx component of Kubernetes has a vulnerability related to its path sanitization process. This flaw allows malicious actors to bypass the intended sanitization using the 'log_format' directive, potentially leading to unauthorized access or manipulation of request data. Users should review their configurations and apply any necessary patches to mitigate the risks associated with this vulnerability.

Affected Version(s)

ingress-nginx 0 < 1.8.0

References

https://github.com/kubernetes/ingress-nginx/issues/10570

issue-tracking

https://groups.google.com/g/kubernetes-security-announce/...

mailing-list

http://www.openwall.com/lists/oss-security/2023/10/25/5

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 25, 2023
Vulnerability Reserved
Jan 12, 2023

Credit

Ginoah, working with the DEVCORE Internship Program