CVE-2021-25745: Improper Input Validation in k8s.io/ingress-nginx

CVSS Score: 8.1 (CVSS 3.1)

Basic Information

EPSS Score: 0.41108%
Published: 5/7/2022
Updated: 1/27/2023
KEV Status: No
Technology: Go

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Package Name: k8s.io/ingress-nginx
Ecosystem: go
Vulnerable Versions: < 1.2.0
First Patched Version: 1.2.0

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The provided vulnerability information describes an improper input validation issue in the spec.rules[].http.paths[].path field handling, but does not include specific code references, commit diffs, or patch details that would allow identification of exact vulnerable functions. While the vulnerability clearly exists in the path validation logic of the ingress-nginx controller's Ingress resource processing, the technical reports and advisories provided do not contain sufficient implementation details (function names, file paths, or specific validation logic) to confidently identify specific functions. The mitigation suggests adding path validation rules, but without seeing the actual code changes or maintainer comments linking to specific functions, we cannot reliably map the vulnerability to concrete function implementations.

WAF Protection Rules

WAF Rule

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials
