ingress-nginx Configuration Injection Vulnerability via Unsanitized Mirror Annotations

A vulnerability exists in ingress-nginx versions prior to 1.11.0, as well as in versions 1.11.0 through 1.11.4 and 1.12.0. The issue arises from the 'mirror-target' and 'mirror-host' Ingress annotations, which can be exploited to inject arbitrary configuration into nginx. This injection could lead to arbitrary code execution within the context of the ingress-nginx controller and allow the disclosure of Secrets that the controller can access. By default, the controller has access to all Secrets cluster-wide.

Impact

Exploitation of this vulnerability could result in arbitrary code execution in the context of the ingress-nginx controller and the unauthorized disclosure of Secrets accessible to the controller.

Remediation

Users are advised to upgrade ingress-nginx to version 1.11.5, 1.12.1, or any later version. For upgrade instructions, refer to the 'Upgrading Ingress-nginx' documentation.