# Ingress-nginx annotation injection allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
Severity: High
## Vulnerability Details
I submitted the following report to [email protected]:
> I've been exploring CVE-2021-25742 and believe I've discovered a variant (although it appears there may be many). Most template variables are not escaped properly in `nginx.tmpl`, leading to injection of arbitrary nginx directives. For example, the `nginx.ingress.kubernetes.io/connection-proxy-header` annotation is not validated/escaped and is inserted directly into the `nginx.conf` file.
>
> An attacker in a multi-tenant cluster with permission to create/modify ingresses can inject content into the connection-proxy-header annotation and read arbitrary files from the ingress controller (including the service account).
>
> I've created a secret gist demonstrating the issue against ingress-nginx v1.0.4: https://gist.github.com/amlweems/1cb7e96dca8ada8aee8dc019d4163f2c
## Impact
An attacker with permission to create/modify ingresses in one namespace can inject content into the connection-proxy-header annotation and read arbitrary files from the ingress controller (including the service account). This service account has permission to read secrets in all namespaces.
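The root cause described above is an annotation value being copied verbatim into `nginx.conf`, so the defensive control is to validate annotation values before they ever reach the template. The following is an added example in the style of an admission-webhook or manifest-linter check; it is not ingress-nginx's own code, and the key set, the `-snippet` exclusion and the character rules are assumptions made for the example. Header-name annotations such as `connection-proxy-header` only ever need a plain token, so they get a strict allowlist; other `nginx.ingress.kubernetes.io/*` values get a denylist of the characters that would let a value terminate its directive or open a new block.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Added example, not ingress-nginx's own code. Assumed set of annotation keys
// whose values are used as a single nginx directive argument (a header name).
var headerNameAnnotations = map[string]bool{
	"nginx.ingress.kubernetes.io/connection-proxy-header": true,
}

// strictHeaderName is the only shape a header-name annotation legitimately needs.
var strictHeaderName = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)

// directiveBreakers are the characters that terminate a directive (;), open or
// close a block ({ }), start a comment (#) or start a new line. Any of these in
// a value that is interpolated verbatim into nginx.conf lets the value escape
// the directive it was meant to be an argument of.
var directiveBreakers = regexp.MustCompile("[;{}#\r\n]")

// ValidateAnnotation reports whether one annotation value is safe to
// interpolate into nginx.conf. Header-name annotations must match the
// allowlist; every other value must contain no directive-breaking character.
func ValidateAnnotation(key, value string) error {
	if headerNameAnnotations[key] {
		if !strictHeaderName.MatchString(value) {
			return fmt.Errorf("%s: %q is not a plain header name", key, value)
		}
		return nil
	}
	if loc := directiveBreakers.FindStringIndex(value); loc != nil {
		return fmt.Errorf("%s: directive-breaking character %q at offset %d",
			key, value[loc[0]], loc[0])
	}
	return nil
}

// UnsafeAnnotations scans an Ingress's annotation map and returns, sorted,
// the nginx.ingress.kubernetes.io/* keys whose values fail validation.
// Snippet annotations are nginx configuration by design and need a separate
// policy (typically: disabled entirely in multi-tenant clusters), so they are
// skipped here rather than mis-flagged by the character denylist.
func UnsafeAnnotations(annotations map[string]string) []string {
	var bad []string
	for k, v := range annotations {
		if !strings.HasPrefix(k, "nginx.ingress.kubernetes.io/") {
			continue
		}
		if strings.HasSuffix(k, "-snippet") {
			continue
		}
		if err := ValidateAnnotation(k, v); err != nil {
			bad = append(bad, k)
		}
	}
	sort.Strings(bad)
	return bad
}

func main() {
	// Constructed samples: a benign Ingress annotation set, and one whose
	// header value carries a newline, the shape a template injection takes.
	samples := []map[string]string{
		{"nginx.ingress.kubernetes.io/connection-proxy-header": "keep-alive"},
		{"nginx.ingress.kubernetes.io/connection-proxy-header": "keep-alive\nx y"},
	}
	for i, s := range samples {
		fmt.Printf("sample %d unsafe keys: %v\n", i, UnsafeAnnotations(s))
	}
}
```

Running a check like this in a validating admission webhook means a tenant who can create Ingress objects cannot get a malformed value into the controller at all; running it as a linter over existing manifests turns the same logic into an audit for values that were admitted before the control existed.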
## Report Stats
- Report ID: 1378175
- State: Closed
- Substate: resolved
- Upvotes: 34