InfoSecBulletin Cybersecurity for mankind
Three unpatched security flaws in the NGINX Ingress controller for Kubernetes have been revealed. These flaws have a high severity level and could be used by a malicious actor to steal secret credentials from the cluster.
The vulnerabilities are as follows:
Eight New ICS Advisories released by CISA
Authority Denies
Hacker claim ransomware attack on Indonesia’s state bank BRI
London-based company “Builder.ai” reportedly exposed 1.2 TB data
(CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)
Sophos resolved 3 critical vulnerabilities in Firewall
“Workshop on Cybersecurity Awareness and Needs Analysis” held at BBTA
CVE-2023-48788
Kaspersky reveals active exploitation of Fortinet Vulnerability
U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports
Daily Security Update Dated: 18.12.2024
CISA released best practices to secure Microsoft 365 Cloud environments
Data breach! Ireland fines Meta $264 million, Australia $50m
CVE-2022-4886 (CVSS score: 8.8) – Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller.
CVE-2023-5043 (CVSS score: 7.6) – Ingress-nginx annotation injection causes arbitrary command execution.
CVE-2023-5044 (CVSS score: 7.6) – Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
The vulnerabilities CVE-2023-5043 and CVE-2023-5044 allow an attacker to steal secret credentials from the cluster.
Exploiting the flaws could let a person inject code into the ingress controller process, and get access to sensitive data without permission.
CVE-2022-4886 allows an attacker to steal Kubernetes API credentials from the ingress controller by exploiting a lack of validation in the “spec.rules[].http.paths[].path” field.
The operator can define the routing of incoming HTTP paths in the Ingress object. However, the vulnerable application does not properly check the validity of the inner path. This means that the inner path can point to an internal file that contains the service account token, which is used for authentication against the API server.
To address the issue, the software maintainers have provided solutions. These involve enabling the “strict-validate-path-type” option and setting the –enable-annotation-validation flag. By doing so, the creation of Ingress objects with invalid characters is prevented, and extra limitations are enforced.
ARMO said that updating NGINX to version 1.19, alongside adding the “–enable-annotation-validation” command-line configuration, resolves CVE-2023-5043 and CVE-2023-5044.
“Although they point in different directions, all of these vulnerabilities point to the same underlying problem,” Hirschberg said.
For more information click here.
