CVE-2020-8553
5.9
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Kubernetes | ingress-nginx | unspecified < 0.28.0 | affected |
Weaknesses
- CWE-73: CWE-73 External Control of File Name or Path
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.