MEDIUM 4.8 Go
ingress-nginx controller - auth secret file path traversal vulnerability
GHSA-242m-6h72-7hgp · CVE-2025-24513 · GO-2025-3564
Published · Modified
Description
A security issue was discovered in ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2025-24513
- WEB https://github.com/kubernetes/kubernetes/issues/131005
- PACKAGE https://github.com/kubernetes/ingress-nginx
- WEB https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5
- WEB https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1
- WEB https://groups.google.com/g/kubernetes-security-announce/c/2qa9DFtN0cQ
- WEB https://security.netapp.com/advisory/ntap-20250328-0008
Ready to move
Start Securing
Free, no credit card | First findings in minutes