What is CVE-2021-25748?

CVE-2021-25748 is a security vulnerability in ingress-nginx that allows a user to bypass sanitization and obtain credentials by using a newline character in the 'spec.rules[].http.paths[].path' field of an Ingress object.

What is the severity of CVE-2021-25748?

The severity of CVE-2021-25748 is medium with a CVSS score of 6.5.

How can a user exploit CVE-2021-25748?

A user can exploit CVE-2021-25748 by creating or updating ingress objects and using a newline character in the 'spec.rules[].http.paths[].path' field.

Which software is affected by CVE-2021-25748?

The software affected by CVE-2021-25748 is the k8s.io/ingress-nginx package version up to exclusive 1.2.1 and Kubernetes Ingress-nginx version up to exclusive 1.2.1.

How do I remediate CVE-2021-25748?

To remediate CVE-2021-25748, update the k8s.io/ingress-nginx package to version 1.2.1 or higher.

Vulnerability/
CVE-2021-25748

high

7.6

CWE

24/5/2023

16/1/2025

CVE-2021-25748: Ingress-nginx `path` sanitization can be bypassed with newline character

First published: Wed May 24 2023(Updated: )

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.

Credit: jordan@liggitt.net jordan@liggitt.net

Affected Software	Affected Version	How to fix
go/k8s.io/ingress-nginx	<1.2.1	1.2.1
Kubernetes ingress-nginx	<1.2.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-25748?
CVE-2021-25748 is a security vulnerability in ingress-nginx that allows a user to bypass sanitization and obtain credentials by using a newline character in the 'spec.rules[].http.paths[].path' field of an Ingress object.
What is the severity of CVE-2021-25748?
The severity of CVE-2021-25748 is medium with a CVSS score of 6.5.
How can a user exploit CVE-2021-25748?
A user can exploit CVE-2021-25748 by creating or updating ingress objects and using a newline character in the 'spec.rules[].http.paths[].path' field.
Which software is affected by CVE-2021-25748?
The software affected by CVE-2021-25748 is the k8s.io/ingress-nginx package version up to exclusive 1.2.1 and Kubernetes Ingress-nginx version up to exclusive 1.2.1.
How do I remediate CVE-2021-25748?
To remediate CVE-2021-25748, update the k8s.io/ingress-nginx package to version 1.2.1 or higher.

collector/github-advisory
alias/GHSA-863x-868h-968x
alias/CVE-2021-25748
collector/github-advisory-latest
package-manager/go
collector/nvd-latest
collector/nvd-index
collector/nvd-cve
agent/author
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/title
agent/description
agent/first-publish-date
agent/event
agent/tags
agent/trending
vendor/kubernetes
canonical/kubernetes ingress-nginx

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.