ingress-nginx Admission Controller Directory Traversal Vulnerability Allowing Denial-of-Service and Secret Disclosure

Vulnerability

A directory traversal vulnerability has been identified in the ingress-nginx Admission Controller feature. This issue arises because attacker-provided data is incorporated into filenames, leading to unauthorized access within the container's file system. The vulnerability could cause a denial-of-service condition or, when combined with other vulnerabilities, allow limited disclosure of Secret objects from the Kubernetes cluster.

Impact

Exploitation of this vulnerability could lead to unauthorized directory traversal within the container, causing a denial-of-service condition or, in conjunction with other vulnerabilities, allowing limited access to Secret objects from the Kubernetes cluster.

Remediation

Users are advised to upgrade ingress-nginx to version 1.11.5, 1.12.1, or any later version. If an immediate upgrade is not possible, the Validating Admission Controller functionality can be disabled as a temporary measure.
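A check an operator can run against the remediation above, added here as an example and not part of this advisory or the ingress-nginx project: it classifies a controller version against the fixed releases (1.11.5, 1.12.1, or any later version) and reports whether the Validating Admission webhook is still registered. The namespace `ingress-nginx`, the pod label `app.kubernetes.io/name=ingress-nginx` and the webhook name `ingress-nginx-admission` are the defaults of the standard manifests and are assumptions here.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify an ingress-nginx version
# against the fixed releases named above (1.11.5, 1.12.1, or later) and
# report whether the Validating Admission webhook is still registered.
# Namespace, label and webhook name are the defaults of the standard
# ingress-nginx manifests and are assumptions; adjust for your install.

# Exit 0 if the version contains the fix, 1 if still affected,
# 2 if the string is not a parseable release version.
ingress_nginx_is_fixed() {
    ver=${1#v}            # image tags carry a leading "v"
    ver=${ver%%-*}        # ignore pre-release / build suffixes
    [ -n "$ver" ] || return 2
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    case "$major$minor$patch" in *[!0-9]*) return 2 ;; esac
    [ "$major" -gt 1 ] && return 0
    [ "$major" -lt 1 ] && return 1
    [ "$minor" -ge 13 ] && return 0
    [ "$minor" -eq 12 ] && [ "$patch" -ge 1 ] && return 0
    [ "$minor" -eq 11 ] && [ "$patch" -ge 5 ] && return 0
    return 1
}

# Check the controller images running in the cluster and whether the
# admission webhook (what the temporary workaround disables) still exists.
# Needs kubectl; only runs when invoked with --cluster [namespace].
check_cluster() {
    ns=${1:-ingress-nginx}
    kubectl -n "$ns" get pods -l app.kubernetes.io/name=ingress-nginx -o \
      jsonpath='{range .items[*]}{range .spec.containers[*]}{.image}{"\n"}{end}{end}' |
    while read -r image; do
        tag=${image%%@*}; tag=${tag##*:}     # strip digest, keep the tag
        if ingress_nginx_is_fixed "$tag"; then
            echo "fixed     $image"
        else
            echo "AFFECTED? $image (upgrade to 1.11.5, 1.12.1 or later)"
        fi
    done
    if kubectl get validatingwebhookconfiguration ingress-nginx-admission \
        >/dev/null 2>&1; then
        echo "Validating Admission webhook ingress-nginx-admission is registered"
    else
        echo "Validating Admission webhook not found (disabled or removed)"
    fi
}

if [ "${1:-}" = "--cluster" ]; then check_cluster "${2:-ingress-nginx}"; fi
```

Run as `sh check.sh --cluster` (optionally followed by the namespace) to query a live cluster; the version classifier can also be sourced and called on its own.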

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 6.4
impact: 5.0
exploitability: 8.9
remediation: 7.9
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.