
New vulnerabilities in the NGINX Ingress Controller for Kubernetes

Threats to the integrity and security of Kubernetes clusters

Three new high-severity vulnerabilities have been discovered in the NGINX Ingress Controller for Kubernetes, which could allow an attacker to steal credentials from the cluster. The vulnerabilities involve path sanitization, annotation injection, and code injection. The suggested solution is to update NGINX and enable the "--enable-annotation-validation" command-line option. Ingress controllers carry high risk because they have access to secrets and the Kubernetes API.


Three new high-severity security vulnerabilities have been discovered in the NGINX Ingress Controller for Kubernetes, which could be exploited by an attacker to steal secret credentials from the cluster.

The vulnerabilities discovered

The vulnerabilities are as follows:

  • CVE-2022-4886 (CVSS score: 8.8): Ingress-nginx path sanitization can be bypassed to obtain Ingress-nginx controller credentials.
  • CVE-2023-5043 (CVSS score: 7.6): Annotation injection in Ingress-nginx causes arbitrary command execution.
  • CVE-2023-5044 (CVSS score: 7.6): Code injection via the "nginx.ingress.kubernetes.io/permanent-redirect" annotation.

“These vulnerabilities allow an attacker, capable of controlling the configuration of the Ingress object, to steal secret credentials from the cluster,” said Ben Hirschberg, CTO and co-founder of Kubernetes security platform ARMO, regarding CVE-2023-5043 and CVE-2023-5044.

The consequences of vulnerabilities

Exploitation of the vulnerability could allow an attacker to inject arbitrary code into the ingress controller process and gain unauthorized access to sensitive data.

CVE-2022-4886, the result of a lack of validation in the "spec.rules[].http.paths[].path" field, allows an attacker with access to the Ingress object to steal credentials from the ingress controller.

To address the CVE-2023-5043 and CVE-2023-5044 vulnerabilities, ARMO suggests updating NGINX to version 1.19 and enabling the "--enable-annotation-validation" command-line option.
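As a complement to upgrading, existing Ingress objects can be reviewed for unexpected values in the two fields named above. The following is an added example, not code from ARMO or the ingress-nginx project; the character list is a heuristic assumption rather than the controller's own validation rules, and the sample objects are constructed.

```python
import json
import re
import sys

REDIRECT = "nginx.ingress.kubernetes.io/permanent-redirect"
# Heuristic (assumption, not the upstream validation list): characters that
# carry meaning in NGINX config syntax and are unexpected in these two fields.
META = re.compile(r"[;{}\s\"'`\\]")


def audit_ingresses(doc):
    """Return (namespace, name, field, value) tuples for flagged fields."""
    findings = []
    for ing in doc["items"] if "items" in doc else [doc]:
        meta = ing.get("metadata", {})
        ident = (meta.get("namespace", "default"), meta.get("name", "?"))
        redirect = (meta.get("annotations") or {}).get(REDIRECT)
        if redirect is not None and META.search(redirect):
            findings.append(ident + (REDIRECT, redirect))
        for i, rule in enumerate(ing.get("spec", {}).get("rules") or []):
            for j, entry in enumerate((rule.get("http") or {}).get("paths") or []):
                path = entry.get("path", "")
                if path and (not path.startswith("/") or META.search(path)):
                    field = f"spec.rules[{i}].http.paths[{j}].path"
                    findings.append(ident + (field, path))
    return findings


# Constructed sample: one clean Ingress, one with both fields flagged.
SAMPLE = {"kind": "List", "items": [
    {"kind": "Ingress",
     "metadata": {"namespace": "shop", "name": "web",
                  "annotations": {REDIRECT: "https://example.test/new"}},
     "spec": {"rules": [{"http": {"paths": [{"path": "/cart"}]}}]}},
    {"kind": "Ingress",
     "metadata": {"namespace": "dev", "name": "odd",
                  "annotations": {REDIRECT: "https://example.test/a;b"}},
     "spec": {"rules": [{"http": {"paths": [{"path": "/ok"},
                                            {"path": "/app{x}"}]}}]}},
]}

if __name__ == "__main__":
    # Real use: kubectl get ingress -A -o json | python3 audit.py
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for finding in audit_ingresses(doc):
        print(*finding, sep="\t")
```

Paths that legitimately use regular-expression quantifiers such as `{3}` will also be flagged, so each finding needs manual review.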

The risks associated with ingress controllers

“Despite pointing in different directions, all of these vulnerabilities point to the same underlying problem,” Hirschberg said. “The fact that ingress controllers have access to TLS secrets and the Kubernetes API by design makes them workloads with a high level of privilege. Furthermore, because they are often components exposed to the Internet, they are very vulnerable to access by external traffic to the cluster through them.”


11/01/2023 12:10

Editorial AI
