InfoSecBulletin Cybersecurity for mankind
Three unpatched security flaws in the NGINX Ingress controller for Kubernetes have been revealed. These flaws have a high severity level and could be used by a malicious actor to steal secret credentials from the cluster.
The vulnerabilities are as follows:
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
CVE-2022-4886 (CVSS score: 8.8) – Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller.
CVE-2023-5043 (CVSS score: 7.6) – Ingress-nginx annotation injection causes arbitrary command execution.
CVE-2023-5044 (CVSS score: 7.6) – Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
The vulnerabilities CVE-2023-5043 and CVE-2023-5044 allow an attacker to steal secret credentials from the cluster.
Exploiting the flaws could let a person inject code into the ingress controller process, and get access to sensitive data without permission.
CVE-2022-4886 allows an attacker to steal Kubernetes API credentials from the ingress controller by exploiting a lack of validation in the “spec.rules[].http.paths[].path” field.
The operator can define the routing of incoming HTTP paths in the Ingress object. However, the vulnerable application does not properly check the validity of the inner path. This means that the inner path can point to an internal file that contains the service account token, which is used for authentication against the API server.
To address the issue, the software maintainers have provided solutions. These involve enabling the “strict-validate-path-type” option and setting the –enable-annotation-validation flag. By doing so, the creation of Ingress objects with invalid characters is prevented, and extra limitations are enforced.
ARMO said that updating NGINX to version 1.19, alongside adding the “–enable-annotation-validation” command-line configuration, resolves CVE-2023-5043 and CVE-2023-5044.
“Although they point in different directions, all of these vulnerabilities point to the same underlying problem,” Hirschberg said.
For more information click here.
