GO-2026-5485
Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation in github.com/kong/kubernetes-ingress-controller
Details
Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing `konghq.com/gatewayclass-unmanaged: 'true'` annotation in github.com/kong/kubernetes-ingress-controller
Are you affected?
Enter the version of the package you're using.
Affected packages
0 No fixed version published yet for github.com/kong/kubernetes-ingress-controller (go modules). Pin to a known-safe version or switch to an alternative.
0 No fixed version published yet for github.com/kong/kubernetes-ingress-controller/v2 (go modules). Pin to a known-safe version or switch to an alternative.
0 Fixed in: 3.4.14 go get github.com/kong/kubernetes-ingress-controller/v3@v3.4.14 References
- https://github.com/Kong/kubernetes-ingress-controller/security/advisories/GHSA-m23h-6mwm-39m8 [ADVISORY]
- https://github.com/Kong/kubernetes-ingress-controller/pull/7920 [WEB]
- https://github.com/Kong/kubernetes-ingress-controller/pull/7921 [WEB]
- https://github.com/Kong/kubernetes-ingress-controller/pull/7922 [WEB]