2354660 – (CVE-2025-24513) CVE-2025-24513 ingress-nginx: ingress-nginx controller - auth secret file path traversal vulnerability

Bug 2354660 (CVE-2025-24513) - CVE-2025-24513 ingress-nginx: ingress-nginx controller - auth secret file path traversal vulnerability

Summary: CVE-2025-24513 ingress-nginx: ingress-nginx controller - auth secret file pat...

Keywords:
Status:	NEW
Alias:	CVE-2025-24513
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-03-25 00:01 UTC by OSIDB Bzimport
Modified:	2025-03-26 13:47 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-03-25 00:01:13 UTC

A security issue was discovered in  ingress-nginx https://github.com/kubernetes/ingress-nginx  where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.

Note You need to log in before you can comment on or make changes to this bug.