CVE-2021-25746 - OpenCVE

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Kubernetes	Ingress-nginx

Configuration 1 [-]

cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/kubernetes/ingress-nginx/issues/8503	Issue Tracking Mitigation Third Party Advisory
https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ	Issue Tracking Mitigation Third Party Advisory
https://security.netapp.com/advisory/ntap-20220609-0006/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: kubernetes

Published: 2022-04-22T00:00:00

Updated: 2022-06-09T18:06:17

Reserved: 2021-01-21T00:00:00

Link: CVE-2021-25746

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-06T01:15:09.180

Modified: 2022-12-02T23:05:30.323

Link: CVE-2021-25746

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "Kubernetes ingress-nginx", "vendor": "Kubernetes", "versions": [{"lessThan": "1.2.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Anthony Weems"}, {"lang": "en", "value": "jeffrey&oliver"}], "datePublic": "2022-04-22T00:00:00", "descriptions": [{"lang": "en", "value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-06-09T18:06:17", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kubernetes/ingress-nginx/issues/8503"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20220609-0006/"}], "source": {"defect": ["https://github.com/kubernetes/ingress-nginx/issues/8503"], "discovery": "EXTERNAL"}, "title": "Ingress-nginx directive injection via annotations", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "2022-04-22T16:30:00.000Z", "ID": "CVE-2021-25746", "STATE": "PUBLIC", "TITLE": "Ingress-nginx directive injection via annotations"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubernetes ingress-nginx", "version": {"version_data": [{"version_affected": "<", "version_value": "1.2.0"}]}}]}, "vendor_name": "Kubernetes"}]}}, "credit": [{"lang": "eng", "value": "Anthony Weems"}, {"lang": "eng", "value": "jeffrey&oliver"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20: Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ", "refsource": "MISC", "url": "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ"}, {"name": "https://github.com/kubernetes/ingress-nginx/issues/8503", "refsource": "MISC", "url": "https://github.com/kubernetes/ingress-nginx/issues/8503"}, {"name": "https://security.netapp.com/advisory/ntap-20220609-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20220609-0006/"}]}, "source": {"defect": ["https://github.com/kubernetes/ingress-nginx/issues/8503"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2021-25746", "datePublished": "2022-04-22T00:00:00", "dateReserved": "2021-01-21T00:00:00", "dateUpdated": "2022-06-09T18:06:17", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DD01B7D-743B-41AF-9D8F-D8C6038E6BD0", "versionEndExcluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."}, {"lang": "es", "value": "Se ha detectado un problema de seguridad en ingress-nginx en el que un usuario que puede crear o actualizar objetos ingress puede usar .metadata.annotations en un objeto Ingress (en el grupo networking.k8s.io o extensions API) para obtener las credenciales del controlador ingress-nginx. En la configuraci\u00f3n por defecto, esa credencial presenta acceso a todos los secretos del cl\u00faster"}], "id": "CVE-2021-25746", "lastModified": "2022-12-02T23:05:30.323", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2022-05-06T01:15:09.180", "references": [{"source": "jordan@liggitt.net", "tags": ["Issue Tracking", "Mitigation", "Third Party Advisory"], "url": "https://github.com/kubernetes/ingress-nginx/issues/8503"}, {"source": "jordan@liggitt.net", "tags": ["Issue Tracking", "Mitigation", "Third Party Advisory"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/hv2-SfdqcfQ"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20220609-0006/"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}