CVE-2024-7646
https://notcve.org/view.php?id=CVE-2024-7646
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. • https://github.com/UgOrange/CVE-2024-7646-poc https://github.com/r0binak/CVE-2024-7646 https://github.com/kubernetes/ingress-nginx/pull/11719 https://github.com/kubernetes/ingress-nginx/pull/11721 https://github.com/kubernetes/kubernetes/issues/126744 https://groups.google.com/g/kubernetes-security-announce/c/a1__cKjWkfA • CWE-20: Improper Input Validation •
CVE-2023-5044 – Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
https://notcve.org/view.php?id=CVE-2023-5044
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. Inyección de código a través de la anotación nginx.ingress.kubernetes.io/permanent-redirect. • https://github.com/r0binak/CVE-2023-5044 https://github.com/KubernetesBachelor/CVE-2023-5044 http://www.openwall.com/lists/oss-security/2023/10/25/3 https://github.com/kubernetes/ingress-nginx/issues/10572 https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0 https://security.netapp.com/advisory/ntap-20240307-0012 • CWE-20: Improper Input Validation CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2023-5043 – Ingress nginx annotation injection causes arbitrary command execution
https://notcve.org/view.php?id=CVE-2023-5043
Ingress nginx annotation injection causes arbitrary command execution. La inyección de anotaciones de Ingress nginx provoca la ejecución de comandos arbitrarios. • https://github.com/r0binak/CVE-2023-5043 http://www.openwall.com/lists/oss-security/2023/10/25/4 https://github.com/kubernetes/ingress-nginx/issues/10571 https://groups.google.com/g/kubernetes-security-announce/c/pVsXsOpxYZo https://security.netapp.com/advisory/ntap-20240307-0012 • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2022-4886 – Ingress-nginx `path` sanitization can be bypassed with `log_format` directive
https://notcve.org/view.php?id=CVE-2022-4886
Ingress-nginx `path` sanitization can be bypassed with `log_format` directive. La sanitización del parámetro `path` de Ingress-nginx se puede omitir con la directiva `log_format`. • http://www.openwall.com/lists/oss-security/2023/10/25/5 https://github.com/kubernetes/ingress-nginx/issues/10570 https://groups.google.com/g/kubernetes-security-announce/c/ge7u3qCwZLI https://security.netapp.com/advisory/ntap-20240307-0013 • CWE-20: Improper Input Validation •
CVE-2021-25748 – Ingress-nginx `path` sanitization can be bypassed with newline character
https://notcve.org/view.php?id=CVE-2021-25748
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. • https://github.com/kubernetes/ingress-nginx/issues/8686 https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8 • CWE-20: Improper Input Validation •