ingress-nginx component for Kubernetes allows file overwrite

GHSA-hhpm-74pm-hf35 · CVE-2020-8553

Published May 24, 2022 · Modified May 20, 2026

Description

The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-type: basic and which has a hyphenated namespace or secret name.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-8553
WEB https://github.com/kubernetes/ingress-nginx/issues/5126
PACKAGE https://github.com/kubernetes/ingress-nginx

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes