CVE-2021-25748

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-25748
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25748.json
Aliases
Published
2023-05-24T17:15:09Z
Modified
2024-01-31T13:56:49.788823Z
Details

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.

References

Affected packages

Git / github.com/kubernetes/ingress-nginx

Affected ranges

Type
GIT
Repo
https://github.com/kubernetes/ingress-nginx
Events
Introduced
0 (the exact introduced commit is unknown)
Fixed

Affected versions

0.*

0.10.0
0.9.0
0.9.0-alpha.1
0.9.0-beta.1
0.9.1
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6

controller-0.*

controller-0.31.0
controller-0.31.1
controller-0.32.0
controller-0.33.0
controller-0.34.0

controller-v0.*

controller-v0.34.0
controller-v0.34.1
controller-v0.35.0
controller-v0.40.0
controller-v0.40.1
controller-v0.40.2
controller-v0.41.0
controller-v0.41.1
controller-v0.41.2
controller-v0.42.0
controller-v0.43.0
controller-v0.44.0
controller-v0.45.0
controller-v0.46.0
controller-v0.47.0
controller-v0.48.1
controller-v0.49.0

controller-v1.*

controller-v1.0.0
controller-v1.0.1
controller-v1.0.2
controller-v1.0.3
controller-v1.0.4
controller-v1.0.5
controller-v1.1.0
controller-v1.1.1
controller-v1.1.2
controller-v1.1.3
controller-v1.2.0
controller-v1.2.0-beta.0
controller-v1.2.0-beta.1

helm-chart-3.*

helm-chart-3.16.0
helm-chart-3.16.1
helm-chart-3.17.0
helm-chart-3.18.0
helm-chart-3.19.0
helm-chart-3.20.0
helm-chart-3.20.1
helm-chart-3.21.0
helm-chart-3.22.0
helm-chart-3.23.0
helm-chart-3.24.0
helm-chart-3.25.0
helm-chart-3.26.0
helm-chart-3.27.0
helm-chart-3.28.0
helm-chart-3.29.0
helm-chart-3.30.0
helm-chart-3.31.0
helm-chart-3.32.0
helm-chart-3.33.0
helm-chart-3.34.0
helm-chart-3.35.0
helm-chart-3.36.0

helm-chart-4.*

helm-chart-4.0.1
helm-chart-4.0.10
helm-chart-4.0.11
helm-chart-4.0.12
helm-chart-4.0.13
helm-chart-4.0.15
helm-chart-4.0.16
helm-chart-4.0.17
helm-chart-4.0.18
helm-chart-4.0.19
helm-chart-4.0.2
helm-chart-4.0.3
helm-chart-4.0.4
helm-chart-4.0.5
helm-chart-4.0.6
helm-chart-4.0.7
helm-chart-4.0.8
helm-chart-4.0.9
helm-chart-4.1.0
helm-chart-4.1.0-beta.0
helm-chart-4.1.0-beta.1
helm-chart-4.1.1
helm-chart-4.1.2

ingress-nginx-2.*

ingress-nginx-2.0.0
ingress-nginx-2.0.1
ingress-nginx-2.0.2
ingress-nginx-2.0.3
ingress-nginx-2.1.0
ingress-nginx-2.10.0
ingress-nginx-2.11.0
ingress-nginx-2.11.1
ingress-nginx-2.11.2
ingress-nginx-2.11.3
ingress-nginx-2.12.0
ingress-nginx-2.12.1
ingress-nginx-2.13.0
ingress-nginx-2.14.0
ingress-nginx-2.15.0
ingress-nginx-2.16.0
ingress-nginx-2.2.0
ingress-nginx-2.3.0
ingress-nginx-2.4.0
ingress-nginx-2.5.0
ingress-nginx-2.6.0
ingress-nginx-2.7.0
ingress-nginx-2.7.1
ingress-nginx-2.8.0
ingress-nginx-2.9.0
ingress-nginx-2.9.1

ingress-nginx-3.*

ingress-nginx-3.0.0
ingress-nginx-3.1.0
ingress-nginx-3.10.0
ingress-nginx-3.10.1
ingress-nginx-3.11.0
ingress-nginx-3.11.1
ingress-nginx-3.12.0
ingress-nginx-3.13.0
ingress-nginx-3.15.0
ingress-nginx-3.15.1
ingress-nginx-3.15.2
ingress-nginx-3.2.0
ingress-nginx-3.3.0
ingress-nginx-3.3.1
ingress-nginx-3.4.0
ingress-nginx-3.4.1
ingress-nginx-3.5.0
ingress-nginx-3.5.1
ingress-nginx-3.6.0
ingress-nginx-3.7.0
ingress-nginx-3.7.1
ingress-nginx-3.8.0
ingress-nginx-3.9.0

nginx-0.*

nginx-0.10.1
nginx-0.10.2
nginx-0.11.0
nginx-0.12.0
nginx-0.13.0
nginx-0.14.0
nginx-0.15.0
nginx-0.16.0
nginx-0.16.1
nginx-0.16.2
nginx-0.17.0
nginx-0.17.1
nginx-0.18.0
nginx-0.19.0
nginx-0.20.0
nginx-0.21.0
nginx-0.22.0
nginx-0.23.0
nginx-0.24.0
nginx-0.24.1
nginx-0.25.0
nginx-0.25.1
nginx-0.26.0
nginx-0.26.1
nginx-0.26.2
nginx-0.27.0
nginx-0.27.1
nginx-0.28.0
nginx-0.29.0
nginx-0.30.0
nginx-0.9.0
nginx-0.9.0-beta.10
nginx-0.9.0-beta.11
nginx-0.9.0-beta.12
nginx-0.9.0-beta.13
nginx-0.9.0-beta.14
nginx-0.9.0-beta.15
nginx-0.9.0-beta.16
nginx-0.9.0-beta.18
nginx-0.9.0-beta.19
nginx-0.9.0-beta.2
nginx-0.9.0-beta.3
nginx-0.9.0-beta.4
nginx-0.9.0-beta.5
nginx-0.9.0-beta.6
nginx-0.9.0-beta.7
nginx-0.9.0-beta.8
nginx-0.9.0-beta.9

nginx-ingress-controller-0.*

nginx-ingress-controller-0.9-beta.1