Zalando's Skipper is an HTTP router and reverse proxy widely used for service composition, often deployed in Kubernetes environments. Versions prior to 0.23.0 have a default configuration parameter '-lua-sources=inline,file' that permits Lua scripts to be defined inline or via files. This configuration flaw allows untrusted users who can create or modify Lua filters—commonly through Kubernetes Ingress resources—to inject arbitrary Lua code. Since Lua scripts run with the privileges of the Skipper process, this enables attackers to read the filesystem accessible to Skipper, including sensitive secrets and logs, thus compromising confidentiality and integrity. The vulnerability is classified under CWE-94 (Improper Control of Generation of Code), CWE-250 (Execution with Unnecessary Privileges), and CWE-522 (Insufficiently Protected Credentials). Exploitation requires some level of privilege (PR:L) but no user interaction, and the attack surface includes any environment where untrusted users can influence Lua filter creation. The vulnerability has a CVSS 3.1 score of 8.8, indicating high severity with network attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability. The issue was addressed in Skipper version 0.23.0 by disabling or restricting inline Lua scripting capabilities.

For European organizations, this vulnerability poses significant risks, particularly for those deploying Skipper in Kubernetes clusters with multi-tenant ingress configurations or where untrusted users can define ingress rules. Successful exploitation can lead to unauthorized disclosure of sensitive data, including secrets and logs, potentially enabling further lateral movement or privilege escalation. The integrity of routing and proxying functions can be compromised, disrupting service availability and trustworthiness. Organizations in sectors with stringent data protection requirements, such as finance, healthcare, and critical infrastructure, face heightened regulatory and operational risks. Additionally, the ability to read secrets may expose credentials for other systems, amplifying the attack impact. Given the widespread adoption of Kubernetes and microservices architectures in Europe, the vulnerability could affect a broad range of enterprises, especially those using Zalando Skipper as part of their ingress or service mesh solutions.

The primary mitigation is to upgrade all Skipper deployments to version 0.23.0 or later, where the vulnerability is fixed by disabling or restricting inline Lua scripting. Until upgrades can be performed, organizations should restrict the ability to create or modify Lua filters to fully trusted administrators only, ideally through strict RBAC policies in Kubernetes. Review and audit ingress resource definitions to ensure no untrusted users can inject Lua scripts. Implement network segmentation and monitoring to detect anomalous Skipper process behaviors or unauthorized filesystem access. Employ secrets management best practices to minimize the exposure of sensitive data even if the filesystem is accessed. Additionally, consider disabling Lua scripting entirely if not required. Regularly monitor vulnerability advisories and apply patches promptly. Finally, conduct penetration testing and code reviews focusing on ingress configurations and Lua filter usage to identify potential exploitation paths.