Gafnit Amiga

**Name of the Vulnerable Software and Affected Versions** ingress-nginx (affected versions not specified) **Description** A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** aws-iam-authenticator versions prior to 0.5.9 **Description** A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. **Recommendations** For versions prior to 0.5.9, update to version 0.5.9 or later to resolve the issue. As a temporary workaround, consider restricting access to allow-listed IAM identities to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ingress-nginx (affected versions not specified) **Description** A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the `spec.rules[].http.paths[].path` field of an Ingress object to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.