Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Ingress-nginx `path` sanitization can be bypassed with newline character
Vulnerability Description
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Vulnerability Type
输入验证不恰当
Vulnerability Title
Kubernetes ingress-nginx 安全漏洞
Vulnerability Description
Kubernetes ingress-nginx是云原生计算基金会(Cloud Native Computing Foundation)的Kubernetes 的入口控制器,使用NGINX作为反向代理和负载均衡器。 Kubernetes ingress-nginx 存在安全漏洞。攻击者利用该漏洞可以获取ingress-nginx控制器的凭证。
CVSS Information
N/A
Vulnerability Type
N/A