CVE-2020-8553

Externally Controlled Reference to a Resource in Another Sphere in go/github.com/kubernetes/ingress-nginx

Identifiers

CVE-2020-8553

Package Slug

go/github.com/kubernetes/ingress-nginx

Vulnerability

Externally Controlled Reference to a Resource in Another Sphere

Description

The Kubernetes ingress-nginx component allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type.

Affected Versions

All versions before 0.28.0

Solution

Upgrade to version 0.28.0 or above.

Last Modified

2020-08-05

source