Unpatched Vulnerabilities in NGINX Ingress Controller for Kubernetes Open Door to Credential Theft
A trio of unpatched high-severity security vulnerabilities in the NGINX Ingress controller for Kubernetes has recently been disclosed, posing a substantial threat to Kubernetes clusters. These vulnerabilities could potentially be exploited by threat actors to steal sensitive credentials from the cluster.
The identified vulnerabilities are as follows:
CVE-2022-4886 (CVSS score: 8.8) – Ingress-nginx path sanitization can be bypassed, allowing an attacker to obtain the credentials held by the ingress-nginx controller.
CVE-2023-5043 (CVSS score: 7.6) – Ingress-nginx annotation injection allows arbitrary command execution, putting the cluster’s security at risk.
CVE-2023-5044 (CVSS score: 7.6) – Code injection through the nginx.ingress.kubernetes.io/permanent-redirect annotation.
According to Ben Hirschberg, CTO and co-founder of Kubernetes security platform ARMO, these vulnerabilities offer an attacker who can control the configuration of the Ingress object the ability to steal secret credentials from the cluster, particularly with CVE-2023-5043 and CVE-2023-5044.
The successful exploitation of these vulnerabilities could result in an adversary injecting arbitrary code into the ingress controller process, potentially gaining unauthorized access to sensitive data.
CVE-2022-4886 stems from a lack of validation of the “spec.rules[].http.paths[].path” field, allowing an attacker who can create or modify Ingress objects to steal the Kubernetes API credentials used by the ingress controller.
Mitigations
To mitigate these issues, the software maintainers have published specific steps rather than patches: setting the “strict-validate-path-type” option to “true” in the controller’s ConfigMap (for CVE-2022-4886), which makes the controller reject Ingress objects whose paths contain characters outside the allowed set, and starting the controller with the “--enable-annotation-validation” command-line flag (for CVE-2023-5043 and CVE-2023-5044), which enforces additional restrictions on annotation values.
ARMO recommends upgrading ingress-nginx to version 1.9.0 or later and adding the “--enable-annotation-validation” command-line flag to address CVE-2023-5043 and CVE-2023-5044.
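As an added check (example code written for this page, not from ARMO, the ingress-nginx project or the original article), the script below audits the two mitigations and the affected Ingress fields. It reads Kubernetes objects in the shape that kubectl get ... -o json returns, but the ConfigMap, Deployment and Ingress objects here are constructed sample data, not captured from a cluster. The path allow-list and the set of “directive-breaking” characters are this example’s own assumptions modeled on the intent of the mitigations, not the controller’s exact validation rules, and a finding means “review this object”, not “this object is exploitable”.

```python
"""Audit helper for the ingress-nginx mitigations discussed above (added example).

Reports:
  * whether the controller ConfigMap sets strict-validate-path-type: "true"
    (mitigation for CVE-2022-4886);
  * whether the controller container runs with --enable-annotation-validation
    (mitigation for CVE-2023-5043 and CVE-2023-5044);
  * Ingress paths with pathType Prefix/Exact that fall outside a conservative
    allow-list, and annotations that inject raw nginx configuration or a
    permanent-redirect value containing directive-breaking characters.
"""
import re

# Assumption of this example: a Prefix/Exact path should be a plain path.
# Regex-style paths belong under pathType ImplementationSpecific instead.
SAFE_PATH = re.compile(r"^/[A-Za-z0-9._~/-]*$")
# Assumption: a legitimate redirect URL never contains these characters,
# which end or restructure an nginx directive.
DIRECTIVE_BREAKERS = re.compile("[;{}$\"'\\s]")

SNIPPET_ANNOTATIONS = (
    "nginx.ingress.kubernetes.io/configuration-snippet",
    "nginx.ingress.kubernetes.io/server-snippet",
)
REDIRECT_ANNOTATION = "nginx.ingress.kubernetes.io/permanent-redirect"
VALIDATION_FLAG = "--enable-annotation-validation"


def strict_path_validation_enabled(configmap):
    """True if the controller ConfigMap turns on strict-validate-path-type."""
    return configmap.get("data", {}).get("strict-validate-path-type") == "true"


def annotation_validation_enabled(deployment):
    """True if a controller container is started with --enable-annotation-validation."""
    for container in deployment["spec"]["template"]["spec"]["containers"]:
        for arg in container.get("args", []):
            if arg == VALIDATION_FLAG or arg.startswith(VALIDATION_FLAG + "="):
                return not arg.endswith("=false")
    return False


def audit_ingress(ingress):
    """Return a list of review findings for one Ingress object (empty if clean)."""
    meta = ingress["metadata"]
    name = f"{meta.get('namespace', 'default')}/{meta['name']}"
    findings = []
    for key, value in meta.get("annotations", {}).items():
        if key in SNIPPET_ANNOTATIONS:
            findings.append(f"{name}: {key} injects raw nginx configuration; review it")
        elif key == REDIRECT_ANNOTATION and DIRECTIVE_BREAKERS.search(value):
            findings.append(f"{name}: {key} contains directive-breaking characters: {value!r}")
    for rule in ingress["spec"].get("rules", []):
        for entry in rule.get("http", {}).get("paths", []):
            path = entry.get("path", "/")
            path_type = entry.get("pathType", "ImplementationSpecific")
            if path_type in ("Prefix", "Exact") and not SAFE_PATH.match(path):
                findings.append(f"{name}: path {path!r} with pathType {path_type} is not a plain path")
    return findings


def audit_cluster(configmap, deployment, ingresses):
    """Combine the controller checks with per-Ingress findings."""
    return {
        "strict_path_validation": strict_path_validation_enabled(configmap),
        "annotation_validation": annotation_validation_enabled(deployment),
        "ingress_findings": [f for ing in ingresses for f in audit_ingress(ing)],
    }


# --- Constructed sample objects (not captured from a real cluster) -----------
def controller_objects(hardened):
    """Build the controller ConfigMap and Deployment in a weak or hardened state."""
    args = ["/nginx-ingress-controller",
            "--configmap=$(POD_NAMESPACE)/ingress-nginx-controller",
            "--controller-class=k8s.io/ingress-nginx"]
    data = {"allow-snippet-annotations": "true"}
    if hardened:
        args.append(VALIDATION_FLAG)                 # annotation validation on
        data["strict-validate-path-type"] = "true"   # strict path validation on
    configmap = {"kind": "ConfigMap", "metadata": {"name": "ingress-nginx-controller"}, "data": data}
    deployment = {"kind": "Deployment", "metadata": {"name": "ingress-nginx-controller"},
                  "spec": {"template": {"spec": {"containers": [{"name": "controller", "args": args}]}}}}
    return configmap, deployment


SAMPLE_INGRESSES = [
    {"metadata": {"name": "shop", "namespace": "prod"},
     "spec": {"rules": [{"http": {"paths": [{"path": "/api", "pathType": "Prefix"}]}}]}},
    {"metadata": {"name": "legacy", "namespace": "prod"},
     "spec": {"rules": [{"http": {"paths": [{"path": "/app(/|$)(.*)", "pathType": "Prefix"}]}}]}},
    {"metadata": {"name": "snippet-user", "namespace": "dev", "annotations": {
        "nginx.ingress.kubernetes.io/configuration-snippet": 'more_set_headers "X-Env: dev";'}},
     "spec": {"rules": [{"http": {"paths": [{"path": "/", "pathType": "Prefix"}]}}]}},
    {"metadata": {"name": "old-site", "namespace": "dev", "annotations": {
        "nginx.ingress.kubernetes.io/permanent-redirect": "https://example.com/new;\nmalformed"}},
     "spec": {"rules": [{"http": {"paths": [{"path": "/", "pathType": "Prefix"}]}}]}},
]

if __name__ == "__main__":
    for hardened in (False, True):
        report = audit_cluster(*controller_objects(hardened), SAMPLE_INGRESSES)
        print(f"hardened={hardened}: strict_path_validation={report['strict_path_validation']} "
              f"annotation_validation={report['annotation_validation']}")
    for finding in audit_cluster(*controller_objects(True), SAMPLE_INGRESSES)["ingress_findings"]:
        print(" -", finding)
```

Against a live cluster the same functions can be fed the items of kubectl get ingress -A -o json together with the controller’s ConfigMap and Deployment. Note that the Ingress findings are independent of the controller state: the legacy regex path and the snippet annotation would still be flagged after hardening, which is deliberate, since strict path validation rejects such objects on admission and existing ones need to be migrated to pathType ImplementationSpecific or cleaned up.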
Hirschberg emphasized that all these vulnerabilities converge on the same underlying problem – the privileged nature of ingress controllers, which have access to TLS secrets and Kubernetes API. Being public-facing components, they are especially vulnerable to external traffic entering the cluster through them. This calls for heightened security measures to protect Kubernetes clusters from potential breaches.
Source: bleepingcomputer.com