—

GO-2026-5010

Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller

Details

Kong Ingress Controller for Kubernetes (KIC): Secret-backed plugin configurations leak through non-sensitive diagnostics endpoint in github.com/kong/kubernetes-ingress-controller

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/kong/kubernetes-ingress-controller

Introduced in: 0

No fixed version published yet for github.com/kong/kubernetes-ingress-controller (go modules). Pin to a known-safe version or switch to an alternative.

Go / github.com/kong/kubernetes-ingress-controller/v2

Introduced in: 0

No fixed version published yet for github.com/kong/kubernetes-ingress-controller/v2 (go modules). Pin to a known-safe version or switch to an alternative.

Go / github.com/kong/kubernetes-ingress-controller/v3

Introduced in: 0 Fixed in: 3.5.7

Fix go get github.com/kong/kubernetes-ingress-controller/v3@v3.5.7

References

https://github.com/Kong/kubernetes-ingress-controller/security/advisories/GHSA-3278-c88v-xrh4 [ADVISORY]