[kubernetes] CVE-2023-5044: Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation

Open Source Security 

Posted by CJ Cullen on Oct 25

Issue Details

A security issue was identified in ingress-nginx
<https://github.com/kubernetes/ingress-nginx> where the
nginx.ingress.kubernetes.io/permanent-redirect annotation on an Ingress
object (in the `networking.k8s.io` or `extensions` API group) can be used
to inject arbitrary commands, and obtain the credentials of the
ingress-nginx controller. In the default configuration, that credential has
access to all secrets in the cluster….
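
An audit sketch for the issue described above, added here as an example (not code from the advisory or from the ingress-nginx project): it walks an Ingress list in the JSON shape `kubectl get ingress -A -o json` produces and flags permanent-redirect values that are not a plain http(s) URL. The character set and the absolute-URL rule are assumptions chosen for review purposes, and the sample objects are constructed.

```python
import json
from urllib.parse import urlsplit

ANNOTATION = "nginx.ingress.kubernetes.io/permanent-redirect"
API_GROUPS = ("networking.k8s.io", "extensions")  # groups named in the advisory
# Assumption: whitespace, quotes, backslashes and characters that delimit
# nginx directives or blocks have no place in a redirect target.
SUSPICIOUS = set(";{}\"'\\\n\r\t ")

def check_redirect(value):
    """Return the reasons a value does not look like a plain redirect URL."""
    reasons = []
    bad = sorted(c for c in set(value) if c in SUSPICIOUS)
    if bad:
        reasons.append("unexpected characters: " + ", ".join(repr(c) for c in bad))
    try:
        parts = urlsplit(value)
        absolute = parts.scheme in ("http", "https") and bool(parts.netloc)
    except ValueError:  # e.g. malformed bracketed host
        absolute = False
    if not absolute:
        reasons.append("not an absolute http(s) URL")
    return reasons

def audit(ingress_list):
    """Return (namespace, name, reasons) for each Ingress needing review."""
    findings = []
    for item in ingress_list.get("items", []):
        group = item.get("apiVersion", "").split("/")[0]
        if item.get("kind") != "Ingress" or group not in API_GROUPS:
            continue
        meta = item.get("metadata", {})
        value = (meta.get("annotations") or {}).get(ANNOTATION)
        if value is None:
            continue
        reasons = check_redirect(value)
        if reasons:
            findings.append((meta.get("namespace", "default"), meta.get("name"), reasons))
    return findings

# Constructed sample input; names and values are illustrative only.
SAMPLE = json.loads("""{"items": [
 {"apiVersion": "networking.k8s.io/v1", "kind": "Ingress",
  "metadata": {"namespace": "shop", "name": "ok-redirect",
   "annotations": {"nginx.ingress.kubernetes.io/permanent-redirect": "https://www.example.com/new"}}},
 {"apiVersion": "networking.k8s.io/v1", "kind": "Ingress",
  "metadata": {"namespace": "shop", "name": "legacy-redirect",
   "annotations": {"nginx.ingress.kubernetes.io/permanent-redirect": "https://www.example.com/new; constructed-trailing-text"}}}
]}""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Findings are candidates for manual review, not proof of abuse; relative redirect targets will also be reported under the absolute-URL assumption.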