CVE-2020-8553
go/github.com/kubernetes/ingress-nginx
Externally Controlled Reference to a Resource in Another Sphere
The Kubernetes ingress-nginx component allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type
.
All versions before 0.28.0
Upgrade to version 0.28.0 or above.
2020-08-05
source |