fkie_cve-2025-24513
Vulnerability from fkie_nvd
Published
2025-03-25 00:15
Modified
2025-03-27 16:45
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Summary
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.
References
jordan@liggitt.nethttps://github.com/kubernetes/kubernetes/issues/131005
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A security issue was discovered in  ingress-nginx https://github.com/kubernetes/ingress-nginx  where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema de seguridad en ingress-nginx (https://github.com/kubernetes/ingress-nginx). La funci\u00f3n Controlador de Admisi\u00f3n de ingress-nginx incluye datos proporcionados por el atacante en un nombre de archivo, lo que provoca un directory traversal dentro del contenedor. Esto podr\u00eda provocar una denegaci\u00f3n de servicio o, en combinaci\u00f3n con otras vulnerabilidades, una divulgaci\u00f3n limitada de objetos secretos del cl\u00faster."
    }
  ],
  "id": "CVE-2025-24513",
  "lastModified": "2025-03-27T16:45:46.410",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 2.5,
        "source": "jordan@liggitt.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-03-25T00:15:14.900",
  "references": [
    {
      "source": "jordan@liggitt.net",
      "url": "https://github.com/kubernetes/kubernetes/issues/131005"
    }
  ],
  "sourceIdentifier": "jordan@liggitt.net",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "jordan@liggitt.net",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.