Description

Kong Ingress Controller for Kubernetes (KIC): Cross-namespace TLS Secret Exfiltration in Gateways with GatewayClass missing konghq.com/gatewayclass-unmanaged: 'true' annotation

Summary

A vulnerability in the Kong Ingress Controller (KIC) allows for the unauthorized exfiltration of TLS certificates and private keys across Kubernetes namespace boundaries. In "managed" mode (where the GatewayClass lacks an unmanaged annotation), the Gateway TLS translator skips critical status checks. This bypass allows the translator to fetch Secrets from any namespace KIC watches, even when a ReferenceGrant explicitly denies access or is missing.

An actor with RBAC permissions to create or modify Gateways in a low-privileged namespace can reference a Secret in a high-privileged namespace, causing KIC to "leak" that Secret's sensitive private key material into the Kong dataplane configuration.

Am I affected?

You are affected if all of these hold:

You are using Kong Ingress Controller with the Gateway API.

Your GatewayClass is operating in managed mode (default behavior, no unmanaged annotation).

KIC is configured to watch multiple namespaces (multi-tenant environment).

Users have RBAC permissions to create or update gateways.gateway.networking.k8s.io in their own namespaces.

You are not affected if any of this:

You only use KIC for Ingress resources (not Gateway API).

Your GatewayClass uses the konghq.com/gateway-unmanaged annotation.

KIC is restricted via RBAC or configuration to only watch a single namespace.

You have strictly limited Gateway creation/modification permissions to trusted cluster administrators only.

Mitigation

Add unmanaged gateway annotation: add the konghq.com/gateway-unmanaged annotation to your GatewayClass

Additional best practicies

Restrict Gateway RBAC: Limit the ability to create or modify Gateway resources to high-trust administrative users until a patch is applied.

Namespace Isolation: If possible, limit the namespaces KIC is permitted to watch using the WATCH_NAMESPACE environment variable or specific RBAC RoleBindings.

Fix

The fix mandates ReferenceGrant validation for all cross-namespace certificate references. By requiring a Programmed: True listener status, the translator now strictly authorizes external Secret access while maintaining default access for same-namespace certificates, effectively closing the exfiltration vector.

Fixed in #7920, with backports to supported release branches in #7921 and #7922.

Upgrade to one of the following patched versions (or later):

3.4.14

3.5.7

CVSS

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:P = 5.6 Medium

Aliases

References