#cve2022 — Public Fediverse posts on home.social

"🚨 NGINX Ingress Vulnerabilities Exposed! 🚨"

Three new vulnerabilities have been identified in the NGINX ingress controller for Kubernetes. These vulnerabilities, tagged as CVE-2023-5043, CVE-2023-5044, and CVE-2022-4886, could potentially allow attackers to steal secret credentials from the cluster. 🕵️‍♂️🔓

CVE-2023-5043 & CVE-2023-5044: These vulnerabilities can be exploited by attackers who can control the Ingress object's configuration. By using the annotation fields “configuration-snippet” or “permanent-redirect”, attackers can inject arbitrary code into the ingress controller process, gaining access to the service account token of the ingress controller. This token has a ClusterRole, enabling reading of all Kubernetes secrets in the cluster. 😱
CVE-2022-4886: This vulnerability lies in the way the “path” field is used in the Ingress routing definitions. A flaw in the validation of the inner path can lead to exposure of the service account token, which is used for authentication against the API server. 🚫

Mitigation steps include updating NGINX to version 1.19 and enabling the “--enable-annotation-validation” command line configuration. 🛡️

These vulnerabilities underscore the importance of securing ingress controllers, given their high privilege scope and potential exposure to external traffic.

Source: ARMO Blog by Ben Hirschberg, CTO & Co-founder.

Tags: #NGINX #Kubernetes #Vulnerability #CyberSecurity #IngressController #CVE2023 #CVE2022 🌐🔐🔍