CVE-2022-4886

Name of the Vulnerable Software and Affected Versions ingress-nginx (affected versions not specified)

Description The issue is related to a controller vulnerability in the Kubernetes ingress-nginx cluster, which is associated with errors in processing input data. This can allow a remote attacker to execute arbitrary code or elevate privileges using the log format directive. The path sanitization in ingress-nginx can be bypassed with the log format directive.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.