Improper Isolation or Compartmentalization
CVE-2025-1974
Summary
A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to the disclosure of Secrets accessible to the controller. This issue affects github.com/kubernetes/ingress-nginx versions controller-v0.34.0 through controller-v1.11.4, controller-v1.12.0-beta.0 through controller-v1.12.0, helm-chart-3.16.0 through helm-chart-4.11.4, helm-chart-4.12.0-beta.0 through helm-chart-4.12.0, ingress-nginx-2.0.0 through ingress-nginx-3.15.2. (Note: In the default installation, the controller can access all Secrets cluster-wide.)
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-653 - Improper Isolation or Compartmentalization
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.