CVE-2025-24513
4.8
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Summary
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| kubernetes | ingress-nginx | 0 <= 1.11.4 | affected |
| kubernetes | ingress-nginx | 1.12.0 | affected |
Weaknesses
- CWE-20: CWE-20 Improper Input Validation
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.