It is unclear whether this is a problem if you're running namespaced ingress-controllers though. This comment [0] in the bug report says:

    there's definitely an attack path that gets the ingress-nginx service account token, which has list rights on secrets at a cluster level (so allowing for all secret values to be retrieved).
I can't see how list permissions would allow retrieval of the secret value though. You'd need get permissions for that.

[0] https://github.com/kubernetes/ingress-nginx/issues/7837#issu...



> You'd need get permissions for that.

I'm afraid not. HTTP GET on a collection endpoint (which is the operation represented by the list verb) returns the full object content.

https://kubernetes.io/docs/reference/access-authn-authz/auth...
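A defender-side check that follows from this point, added here as an example (not code from the thread or from the ingress-nginx project): audit RBAC rules and treat `list` on secrets as read access, the same as `get`. The JSON input mimics the shape of `kubectl get clusterroles,roles -o json`; the role names and rules are constructed.

```python
"""Flag RBAC rules that let a subject read Secret contents.

Key point from the thread: the `list` verb (HTTP GET on the collection
endpoint) returns every Secret's data, so an audit must treat it as
equivalent to `get`. Added example, not from the thread.
"""
import json

# Verbs whose API responses carry full object bodies. `watch` streams
# full objects as well, so it is included alongside `get` and `list`.
READ_VERBS = {"get", "list", "watch", "*"}


def secret_reading_rules(roles_json):
    """Return (kind/name, verbs) for every rule that exposes Secret data.

    `roles_json` has the shape of `kubectl get clusterroles,roles -o json`.
    """
    findings = []
    for item in json.loads(roles_json).get("items", []):
        name = f'{item["kind"]}/{item["metadata"]["name"]}'
        for rule in item.get("rules") or []:
            groups = set(rule.get("apiGroups", []))
            resources = set(rule.get("resources", []))
            verbs = set(rule.get("verbs", []))
            # Secrets live in the core ("") API group; "*" matches any group.
            if not groups & {"", "*"}:
                continue
            if not resources & {"secrets", "*"}:
                continue
            exposed = sorted(verbs & READ_VERBS)
            if exposed:
                findings.append((name, exposed))
    return findings


# Constructed sample: a list-only role, a get-only role, and a harmless one.
SAMPLE = json.dumps({"items": [
    {"kind": "ClusterRole", "metadata": {"name": "controller-like"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"],
                "verbs": ["list", "watch"]}]},
    {"kind": "Role", "metadata": {"name": "secret-getter"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"],
                "verbs": ["get"]}]},
    {"kind": "Role", "metadata": {"name": "pod-viewer"},
     "rules": [{"apiGroups": [""], "resources": ["pods"],
                "verbs": ["list"]}]},
]})

if __name__ == "__main__":
    for role, verbs in secret_reading_rules(SAMPLE):
        print(f"{role}: can read Secret data via {', '.join(verbs)}")
```

Feed it real cluster output to see which roles, including a controller's service account role, can read Secret data without ever holding `get`.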


Interesting, thanks for the reference. This is at best surprising, at worst sloppy security design IMO.
