AI DevwWrld Chatbot Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Middle East Low Code No Code Summit TimeAI Summit

New vulnerabilities in the NGINX Ingress Controller for Kubernetes

Threats to the integrity and security of Kubernetes clusters

Three new high-severity vulnerabilities have been discovered in the NGINX Ingress Controller for Kubernetes, which could allow an attacker to steal credentials from the cluster. The vulnerabilities involve path sanitization, annotation injection, and code injection. The suggested solution is to update NGINX and enable command line configuration. Ingress controllers are subject to high risks due to their access to secrets and the Kubernetes API.

Contribute to spreading the culture of prevention!
Support our cause with a small donation by helping us raise awareness among users and companies about cyber threats and defense solutions.

This pill is also available in Italian language

Three new high-severity security vulnerabilities have been discovered in the NGINX Ingress Controller for Kubernetes, which could be exploited by an attacker to steal secret credentials from the cluster.

The vulnerabilities discovered

The vulnerabilities are as follows:

  • CVE-2022-4886 (CVSS score: 8.8): Ingress-nginx path sanitization can be bypassed to obtain Ingress-nginx controller credentials.
  • CVE-2023-5043 (CVSS score: 7.6): Annotation injection in Ingress-nginx causes arbitrary command execution.
  • CVE-2023-5044 (CVSS score: 7.6): Code injection via the "nginx.ingress.kubernetes.io/permanent-redirect" annotation.

“These vulnerabilities allow an attacker, capable of controlling the configuration of the Ingress object, to steal secret credentials from the cluster,” said Ben Hirschberg, CTO and co-founder of Kubernetes security platform ARMO, regarding CVE-2023 -5043 and CVE-2023-5044.

The consequences of vulnerabilities

Exploitation of the vulnerability could allow an attacker to inject arbitrary code into the ingress controller process and gain unauthorized access to sensitive data.

CVE-2022-4886, the result of a lack of validation in the "spec.rules[].http.paths[].path" field, allows an attacker with access to the Ingress object to steal credentials from the input controller.

To address the CVE-2023-5043 and CVE-2023-5044 vulnerabilities, ARMO suggests updating NGINX to version 1.19 and enabling the "--enable-annotation-validation" command line configuration.

The risks associated with input controllers

“Despite pointing in different directions, all of these vulnerabilities point to the same underlying problem,” Hirschberg said. “The fact that ingress controllers have access to TLS secrets and the Kubernetes API by design makes them workloads with a high level of privilege. Furthermore, because they are often components exposed to the Internet, they are very vulnerable to access by external traffic to the cluster through them".

Follow us on Google News for more pills like this

11/01/2023 12:10

Editorial AI

Last pills

Global blow to cybercrime: a major ransomware network has fallenCybercriminal organization busted: a success for global cybersecurity

Crisis in aviation: Rosaviatsia targeted by cyberattackCyber attack exposes vulnerability of Russian aviation sector

Introduction to the new SysJoker threatIn-depth analysis reveals evolutions and risks of SysJoker cross-platform malware

Cybersecurity strategies compared between Taiwan and JapanStrengthening digital defenses in the information age