Moderate severity · NVD Advisory · Published Jul 29, 2020 · Updated Aug 4, 2024
Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names
CVE-2020-8553
Description
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| k8s.io/ingress-nginx (Go) | < 0.28.0 | 0.28.0 |
Affected products
- osv-coords (16 versions):
  - pkg:apk/chainguard/ingress-nginx-controller
  - pkg:apk/chainguard/ingress-nginx-controller-1.9
  - pkg:apk/chainguard/ingress-nginx-controller-compat
  - pkg:apk/chainguard/ingress-nginx-controller-compat-1.9
  - pkg:apk/chainguard/ingress-nginx-controller-compat-fips-1.9
  - pkg:apk/chainguard/ingress-nginx-controller-fips
  - pkg:apk/chainguard/ingress-nginx-controller-fips-1.9
  - pkg:apk/chainguard/ingress-nginx-controller-fips-compat
  - pkg:apk/chainguard/kube-webhook-certgen
  - pkg:apk/chainguard/kube-webhook-certgen-1.9
  - pkg:apk/chainguard/kube-webhook-certgen-fips
  - pkg:apk/chainguard/kube-webhook-certgen-fips-1.9
  - pkg:apk/wolfi/ingress-nginx-controller
  - pkg:apk/wolfi/ingress-nginx-controller-compat
  - pkg:apk/wolfi/kube-webhook-certgen
  - pkg:golang/k8s.io/ingress-nginx
References
- github.com/advisories/GHSA-hhpm-74pm-hf35 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-8553 (ghsa; ADVISORY)
- github.com/kubernetes/ingress-nginx/issues/5126 (ghsa; x_refsource_CONFIRM; WEB)