Summary
A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/permanent-redirect annotation on an Ingress object (in the networking.k8s.io or extensions API group) can be used to inject arbitrary commands and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. Multi-tenant environments where non-admin users have permissions to create Ingress objects are most affected.
Impact
An authenticated user with permission to create or modify Ingress objects can inject arbitrary commands via the nginx.ingress.kubernetes.io/permanent-redirect annotation value. Successful exploitation allows the attacker to obtain the ingress-nginx controller's service account token, which grants read access to all cluster secrets by default. When running the chrooted ingress-nginx controller variant (introduced in v1.2.0), command execution remains possible but credential extraction is not, reducing the effective severity for that configuration.
Detection
Verify whether ingress-nginx is installed in your cluster:
kubectl get po -n ingress-nginx
Review Kubernetes audit logs for Ingress objects whose nginx.ingress.kubernetes.io/permanent-redirect annotation value contains unusual characters or patterns inconsistent with standard redirect URLs. If evidence of exploitation is found, contact security@kubernetes.io.
Mitigation
Upgrade ingress-nginx to v1.9.0 or later. Version v1.9.0 introduces the --enable-annotation-validation flag, which enforces restrictions on the contents of ingress-nginx annotation fields and prevents injection via annotation values.
Ingress administrators running v1.9.0 should set the --enable-annotation-validation flag on the ingress-nginx controller to activate the annotation validation enforcement.
Where an immediate upgrade is not possible, restrict Ingress object creation and modification permissions to trusted administrators only using RBAC.