Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kubernetes ingress-nginx |
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Just tricks, no treats with these 3 vulns
Three unpatched high-severity bugs in the NGINX ingress controller can be abused by miscreants to steal credentials and other secrets from Kubernetes clusters. The vulnerabilities, tracked as CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886, were disclosed on October 27, and are listed as currently awaiting triage. It's unclear if any of the flaws have been exploited. The Register did not immediately receive a response to questions, including if the bugs have been found and exploited and whe...