
Aledbf

#44385 of 53,622
5.9 Total CVSS
Vulnerabilities · 1
PT-2020-6523
5.9
2020-02-19
Unknown · Ingress-Nginx · CVE-2020-8553
**Name of the Vulnerable Software and Affected Versions**

ingress-nginx versions prior to 0.28.0

**Description**

The issue is related to errors in processing hyperlinks in the ingress-nginx controller in a Kubernetes cluster. A remote attacker can exploit it to gain access to create, modify, or delete data. Specifically, a user with the ability to create namespaces and to read and create ingress objects can overwrite the password file of another ingress that uses basic authentication with a hyphenated namespace or secret name.

**Recommendations**

For versions prior to 0.28.0, update to version 0.28.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `nginx.ingress.kubernetes.io/auth-type` annotation to minimize the risk of exploitation. Avoid using hyphenated namespace or secret names in ingress objects that use basic authentication until the issue is resolved.