Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes
2023-10-30 06:46

Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows:

- CVE-2022-4886 (CVSS score: 8.8) - Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller
- CVE-2023-5043 (


News URL

https://thehackernews.com/2023/10/urgent-new-security-flaws-discovered-in.html

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-5043 | Injection vulnerability in Kubernetes Ingress-Nginx. Ingress nginx annotation injection causes arbitrary command execution. (network, low complexity, kubernetes, CWE-74) | 8.8 |
| 2023-10-25 | CVE-2022-4886 | Unspecified vulnerability in Kubernetes Ingress-Nginx. Ingress-nginx `path` sanitization can be bypassed with `log_format` directive. (network, low complexity, kubernetes) | 6.5 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kubernetes 19 5 45 34 8 92
Nginx 2 0 3 1 4 8