Upstream information
Description
A security issue was discovered in ingress-nginx where an actor with permission to create Ingress objects (in the `networking.k8s.io` or `extensions` API group) can bypass annotation validation to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.SUSE information
Overall state of this security issue: Analysis
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.
SUSE Bugzilla entry: 1229802 [NEW]SUSE Security Advisories:
- TID000021545, published Thu Sep 12 16:52:39 CEST 2024
SUSE Timeline for this CVE
CVE page created: Fri Aug 16 21:00:02 2024CVE page last modified: Thu Sep 12 17:48:21 2024