CVE-2021-25745: Ingress-nginx path can be pointed to service account token file
First published: Fri May 06 2022(Updated: )
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Credit: jordan@liggitt.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kubernetes ingress-nginx | <1.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2021-25745.
What is the severity of CVE-2021-25745?
The severity of CVE-2021-25745 is high with a CVSS score of 8.1.
How does the vulnerability in ingress-nginx affect me?
If you can create or update ingress objects and are using a version of ingress-nginx up to 1.2.0, you may be affected by this vulnerability.
How can an attacker exploit CVE-2021-25745?
An attacker can exploit CVE-2021-25745 by using the spec.rules[].http.paths[].path field of an Ingress object to obtain the credentials of the ingress-nginx controller.
How can I fix CVE-2021-25745?
To fix CVE-2021-25745, update your ingress-nginx installation to a version higher than 1.2.0.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/title
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/kubernetes
- canonical/kubernetes ingress-nginx