-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
GoGoMiggo AIRoot Cause AnalysisThe vulnerability stems from improper path handling in the Admission Controller's secret management. The functions responsible for creating auth secret files and validating secret references would be the primary points where user-controlled input (secret names) are incorporated into file paths without adequate sanitization. The CWE-20 and CWE-22 mapping directly indicates missing input validation for path construction. The pattern matches common path traversal vulnerabilities where user-supplied data is used in file operations without sanitization.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| k8s.io/ingress-nginx | go | ||
| k8s.io/ingress-nginx | go |
KEV Misses 88% of Exploited CVEs- Get the report