CVE-2025-24513: ingress-nginx controller auth secret file path traversal vulnerability #131005

Closed
@tabbysable

Description

CVSS Rating: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L (Score: 4.8, Medium)

A security issue was discovered in ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.

Am I vulnerable?

This issue affects ingress-nginx. If you do not have ingress-nginx installed on your cluster, you are not affected. You can check this by running `kubectl get pods --all-namespaces --selector app.kubernetes.io/name=ingress-nginx`.

Affected Versions

  • < v1.11.0
  • v1.11.0 - 1.11.4
  • v1.12.0

How do I mitigate this vulnerability?

ACTION REQUIRED: The following steps must be taken to mitigate this vulnerability: Upgrade ingress-nginx to v1.11.5, v1.12.1, or any later version.

Before applying the patch, this issue can be mitigated by disabling the Validating Admission Controller functionality of ingress-nginx.
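The version check above is easy to get wrong by hand (a lexical comparison puts v1.9.x after v1.11.5, and controller images are usually pinned by tag plus digest). The following POSIX shell script is an added example, not code from the advisory or from the ingress-nginx project: it classifies a controller version or image reference as AFFECTED, FIXED or UNKNOWN using the ranges listed in this advisory (everything below v1.11.5, plus v1.12.0, is affected). The image references it processes are constructed samples; the kubectl invocation in the comment is how you would feed it real cluster data.

```shell
#!/bin/sh
# Added example, not part of the advisory or the ingress-nginx project.
# Classifies ingress-nginx controller versions against the ranges in
# CVE-2025-24513: affected = every version below v1.11.5, plus v1.12.0;
# fixed = v1.11.5, v1.12.1 and later.

# is_affected VERSION
#   exit 0 = affected, 1 = fixed, 2 = version string not parseable
#   (e.g. "latest", a pre-release tag, or an empty string).
is_affected() {
    v=${1#v}                                  # accept "v1.11.4" or "1.11.4"
    printf '%s\n' "$v" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' || return 2
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    # Pack MAJOR.MINOR.PATCH into one integer so ranges compare numerically;
    # a string comparison would wrongly sort "1.9.0" after "1.11.5".
    num=$((major * 1000000 + minor * 1000 + patch))
    if [ "$num" -lt 1011005 ] || [ "$num" -eq 1012000 ]; then
        return 0
    fi
    return 1
}

# classify_version VERSION -> prints AFFECTED, FIXED or UNKNOWN.
classify_version() {
    is_affected "$1" && rc=0 || rc=$?       # errexit-safe capture of the code
    case "$rc" in
        0) echo AFFECTED ;;
        1) echo FIXED ;;
        *) echo UNKNOWN ;;
    esac
}

# image_tag IMAGE_REF -> prints the tag of an image reference, or an empty
# line when it has none. Handles digests (...@sha256:...) and registries
# with a port (host:5000/...), both of which contain extra colons.
image_tag() {
    ref=${1%%@*}          # drop the digest, if any
    last=${ref##*/}       # last path component, e.g. "controller:v1.11.4"
    case "$last" in
        *:*) printf '%s\n' "${last##*:}" ;;
        *)   printf '\n' ;;
    esac
}

# classify_image IMAGE_REF -> verdict for the image's tag.
classify_image() {
    classify_version "$(image_tag "$1")"
}

# Constructed sample image references, in the form kubectl prints them.
# Against a real cluster, replace this list with (deployments or daemonsets):
#   kubectl get deploy,ds -A -l app.kubernetes.io/name=ingress-nginx \
#     -o jsonpath='{range .items[*]}{.spec.template.spec.containers[*].image}{"\n"}{end}'
for img in \
    'registry.k8s.io/ingress-nginx/controller:v1.11.4@sha256:0000000000000000000000000000000000000000000000000000000000000000' \
    'registry.k8s.io/ingress-nginx/controller:v1.12.1' \
    'localhost:5000/mirror/ingress-nginx/controller:v1.10.1' \
    'registry.k8s.io/ingress-nginx/controller:latest'; do
    printf '%-8s %s\n' "$(classify_image "$img")" "$img"
done
```

An UNKNOWN verdict (a floating tag such as `latest`, or an image with only a digest) is a finding in itself: pin the controller image to a released tag so the check can be answered. If you installed via the Helm chart and cannot upgrade immediately, the temporary mitigation above corresponds to setting `controller.admissionWebhooks.enabled=false`, which removes the validating webhook that exposes this code path.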

Fixed Versions

To upgrade, refer to the documentation: Upgrading Ingress-nginx

Detection

There are no known indicators of compromise that prove this vulnerability has been exploited.

If you find evidence that this vulnerability has been exploited, please contact security@kubernetes.io

Acknowledgements

This vulnerability was reported by Nir Ohfeld and Ronen Shustin from Wiz

The issue was fixed and coordinated by Marco Ebert, James Strong, Tabitha Sable, and the Kubernetes Security Response Committee

Labels

  • area/security
  • committee/security-response (issue or PR intended to be handled by the product security committee)
  • kind/bug
  • official-cve-feed (CVE officially announced by the Security Response Committee (SRC))
  • sig/network
  • triage/accepted (ready to be actively worked on)