Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

2023-10-30 06:46

Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows - CVE-2022-4886 (CVSS score: 8.8) - Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller CVE-2023-5043 (

News URL

https://thehackernews.com/2023/10/urgent-new-security-flaws-discovered-in.html

#kubernetes #nginx #security #CVE-2022-4886 #CVE-2023-5043

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-25	CVE-2023-5043	Injection vulnerability in Kubernetes Ingress-Nginx Ingress nginx annotation injection causes arbitrary command execution. network low complexity kubernetes CWE-74	8.8
2023-10-25	CVE-2022-4886	Unspecified vulnerability in Kubernetes Ingress-Nginx Ingress-nginx `path` sanitization can be bypassed with `log_format` directive. network low complexity kubernetes	6.5

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Kubernetes		18	12	49	23	5	89