CRE-2025-0114
Nginx Ingress Controller rewritten URI has a zero length
Severity: High
Description
Detects a rewrite error that leads to service unavailability.
A wrong rewrite causes responses with HTTP code 500 or 400.

This CRE detects an empty rewrite.
Mitigation
- Check that the ingress rule is not missing `/` in the rewrite target, for example:
  ```
  kind: Ingress
  metadata:
    annotations:
      ...
      nginx.ingress.kubernetes.io/rewrite-target: $2
  ...
      - path: /path1(/|$)(.*)
  ```
  Accessing path **/path1/** will cause an empty rewrite (HTTP code 500), and **/path1/path2** ends up with the path **path2** (without **/** at the beginning - causing HTTP code 400).
  With the following rule:
  ```
  kind: Ingress
  metadata:
    annotations:
      ...
      nginx.ingress.kubernetes.io/rewrite-target: /$2
  ...
      - path: /path1(/|$)(.*)
  ```
  At least one **/** is always added at the beginning of the rewrite output.
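The two rewrite targets from the mitigation can be compared offline before a rule is deployed. The following is an added example, not part of the CRE or of ingress-nginx: `simulate_rewrite` and `lint_rewrite` are hypothetical helpers that assume a simplified model of the rewrite (pattern matched from the start of the URI, `$N` replaced by capture group N), and the sample URIs are constructed.

```python
import re

def simulate_rewrite(path_regex, target, uri):
    """Return the rewritten URI, or None if the ingress path does not match.

    Simplified model (assumption): the path pattern is matched from the start
    of the URI and each $N in the target is replaced by capture group N.
    """
    m = re.match(path_regex, uri)
    if m is None:
        return None

    def group(ref):
        idx = int(ref.group(1))
        # Unset or non-existent groups expand to an empty string.
        return (m.group(idx) or "") if idx <= m.re.groups else ""

    return re.sub(r"\$(\d)", group, target)

def lint_rewrite(path_regex, target, sample_uris):
    """List (uri, rewritten, problem) for every sample that rewrites badly."""
    findings = []
    for uri in sample_uris:
        out = simulate_rewrite(path_regex, target, uri)
        if out is None:
            continue  # rule does not apply to this URI
        if out == "":
            findings.append((uri, out, "empty rewrite (HTTP 500)"))
        elif not out.startswith("/"):
            findings.append((uri, out, "no leading '/' (HTTP 400)"))
    return findings

# Path pattern from the rule above; request URIs are constructed samples.
PATH = r"/path1(/|$)(.*)"
SAMPLES = ["/path1", "/path1/", "/path1/path2"]

if __name__ == "__main__":
    for target in ("$2", "/$2"):
        print(f"rewrite-target: {target}")
        for uri in SAMPLES:
            print(f"  {uri!r} -> {simulate_rewrite(PATH, target, uri)!r}")
        for uri, out, problem in lint_rewrite(PATH, target, SAMPLES):
            print(f"  FINDING {uri!r}: {problem}")
```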