AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

New vulnerabilities in the NGINX Ingress Controller for Kubernetes

Threats to the integrity and security of Kubernetes clusters

Three new high-severity vulnerabilities have been discovered in the NGINX Ingress Controller for Kubernetes, which could allow an attacker to steal credentials from the cluster. The vulnerabilities involve path sanitization, annotation injection, and code injection. The suggested solution is to update NGINX and enable command line configuration. Ingress controllers are subject to high risks due to their access to secrets and the Kubernetes API.

This pill is also available in Italian language

Three new high-severity security vulnerabilities have been discovered in the NGINX Ingress Controller for Kubernetes, which could be exploited by an attacker to steal secret credentials from the cluster.

The vulnerabilities discovered

The vulnerabilities are as follows:

  • CVE-2022-4886 (CVSS score: 8.8): Ingress-nginx path sanitization can be bypassed to obtain Ingress-nginx controller credentials.
  • CVE-2023-5043 (CVSS score: 7.6): Annotation injection in Ingress-nginx causes arbitrary command execution.
  • CVE-2023-5044 (CVSS score: 7.6): Code injection via the "nginx.ingress.kubernetes.io/permanent-redirect" annotation.

“These vulnerabilities allow an attacker, capable of controlling the configuration of the Ingress object, to steal secret credentials from the cluster,” said Ben Hirschberg, CTO and co-founder of Kubernetes security platform ARMO, regarding CVE-2023 -5043 and CVE-2023-5044.

The consequences of vulnerabilities

Exploitation of the vulnerability could allow an attacker to inject arbitrary code into the ingress controller process and gain unauthorized access to sensitive data.

CVE-2022-4886, the result of a lack of validation in the "spec.rules[].http.paths[].path" field, allows an attacker with access to the Ingress object to steal credentials from the input controller.

To address the CVE-2023-5043 and CVE-2023-5044 vulnerabilities, ARMO suggests updating NGINX to version 1.19 and enabling the "--enable-annotation-validation" command line configuration.

The risks associated with input controllers

“Despite pointing in different directions, all of these vulnerabilities point to the same underlying problem,” Hirschberg said. “The fact that ingress controllers have access to TLS secrets and the Kubernetes API by design makes them workloads with a high level of privilege. Furthermore, because they are often components exposed to the Internet, they are very vulnerable to access by external traffic to the cluster through them".

Follow us on Telegram for more pills like this

11/01/2023 12:10

Marco Verro

Last pills

Italy's success in cybersecurityHow Italy achieved excellence in global cybersecurity: strategies, collaborations, and international successes

IntelBroker alleged breach of Deloitte systemsServer exposed: how Deloitte's security may have been compromised by a cyber attack

Vo1d infections on Android TV boxes: how to protect your devicesLearn the essential measures to protect your Android TV boxes from the dreaded Vo1d malware and keep your devices safe from cyber threats

Hacker attack in Lebanon: Hezbollah under fireTechnological shock and injuries: cyber warfare hits Hezbollah in Lebanon