Summary
A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/configuration-snippet annotation on an Ingress object (in the networking.k8s.io or extensions API group) can be used to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. Multi-tenant environments where non-admin users have permissions to create Ingress objects are most affected.
Impact
Any user with permission to create or update Ingress objects in the cluster can exploit this vulnerability to execute arbitrary commands in the context of the ingress-nginx controller process and extract its service account token. Because the controller's service account has access to all Secrets in the cluster by default, this effectively grants cluster-wide secret read access to the attacker. Clusters that do not have ingress-nginx installed are not affected. If the chrooted controller image (introduced in v1.2.0) is in use, command execution is possible but credential extraction is not, so the effective severity is lower.
Detection
Inspect ingress-nginx Ingress objects for unexpected or unfamiliar nginx.ingress.kubernetes.io/configuration-snippet annotations. Kubernetes audit logs can be used to identify recent Ingress create or update events from users who should not have write access to those resources. If you find evidence that this vulnerability has been exploited, contact security@kubernetes.io.
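The two detection steps above as an added Python example, not code from the advisory or the ingress-nginx project. It assumes the default annotation prefix, an Ingress list shaped like the output of `kubectl get ingress --all-namespaces -o json`, and audit events stored one JSON object per line; the function names, the `expected_writers` allowlist and all sample data are constructed for illustration.

```python
import json

SNIPPET = "nginx.ingress.kubernetes.io/configuration-snippet"  # default prefix assumed
WRITE_VERBS = {"create", "update", "patch"}  # kubectl apply/edit arrive as patch

def find_snippets(ingress_list):
    """Return (namespace, name, snippet) for each Ingress carrying the annotation."""
    hits = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata") or {}
        snippet = (meta.get("annotations") or {}).get(SNIPPET)
        if snippet is not None:
            hits.append((meta.get("namespace"), meta.get("name"), snippet))
    return hits

def unexpected_ingress_writes(audit_lines, expected_writers):
    """Return (user, verb, namespace, name, carried_snippet) for completed Ingress writes."""
    findings = []
    for line in audit_lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        ref = ev.get("objectRef") or {}
        user = (ev.get("user") or {}).get("username")
        if (ev.get("stage") != "ResponseComplete" or ref.get("resource") != "ingresses"
                or ev.get("verb") not in WRITE_VERBS or user in expected_writers):
            continue
        # requestObject is only logged at Request/RequestResponse audit level.
        req_meta = (ev.get("requestObject") or {}).get("metadata") or {}
        carried = SNIPPET in (req_meta.get("annotations") or {})
        findings.append((user, ev["verb"], ref.get("namespace"), ref.get("name"), carried))
    return findings

# Constructed sample data (not from a real cluster).
SAMPLE_INGRESSES = {"items": [
    {"metadata": {"namespace": "shop", "name": "web",
                  "annotations": {SNIPPET: 'more_set_headers "X-Frame-Options: DENY";'}}},
    {"metadata": {"namespace": "shop", "name": "api"}}]}
_REF = {"resource": "ingresses", "namespace": "shop", "name": "web"}
SAMPLE_AUDIT = [json.dumps(e) for e in (
    {"stage": "ResponseComplete", "verb": "patch", "user": {"username": "dev-alice"},
     "objectRef": _REF, "requestObject": {"metadata": {"annotations": {SNIPPET: "(constructed)"}}}},
    {"stage": "ResponseComplete", "verb": "get", "user": {"username": "dev-alice"}, "objectRef": _REF},
    {"stage": "ResponseComplete", "verb": "update", "user": {"username": "platform-admin"}, "objectRef": _REF},
)]

if __name__ == "__main__":
    print(find_snippets(SAMPLE_INGRESSES))
    print(unexpected_ingress_writes(SAMPLE_AUDIT, {"platform-admin"}))
```

The `carried_snippet` field is only meaningful when the audit policy records Ingress writes at Request or RequestResponse level; at Metadata level it is always `False`, so review the live object instead.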
Mitigation
Upgrade ingress-nginx to v1.9.0 or later.
As a workaround without upgrading, Ingress administrators should set the --enable-annotation-validation flag on the ingress-nginx controller. This flag enforces restrictions on the contents of ingress-nginx annotation fields and prevents injection of arbitrary directives.