Three vulnerabilities have been discovered in the NGINX ingress controller for Kubernetes, which can be exploited to inject arbitrary code, obtain high-level credentials, and steal secrets from the cluster. The bugs are currently awaiting triage, and it is unclear if they have been exploited. The Kubernetes Security Response Committee recommends enforcing restrictions on the contents of ingress-nginx annotation fields to mitigate the issues.
The vulnerabilities, tracked as CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886, were disclosed on October 27, and are listed as currently awaiting triage. It's unclear if any of the flaws have been exploited. did not immediately receive a response to questions, including if the bugs have been found and exploited and when a patch will be issued.
To mitigate both issues, the Kubernetes Security Response Committee's CJ Cullen recommends that ingress admins "set the --enable-annotation-validation flag to enforce restrictions on the contents of ingress-nginx annotation fields.", received an 8.8 CVSS severity score. If someone can create or update ingress objects, they can exploit this bug to obtain Kubernetes API credentials from the ingress controller, and then use that access to steal all secrets in the cluster.
When pathType is configured as Exact or Prefix, there is more strict validation, allowing only paths starting with "/" and containing only alphanumeric characters and "-", "_" and additional "/".
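The stricter path rule described above can be used to audit existing Ingress objects for paths it would reject. This is an added example, not ingress-nginx code: the regular expression is written from the rule as stated here, and the `ingress` struct, `AuditIngress` and the sample manifest are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Rule as stated in the article: leading "/", then only alphanumerics, "-", "_" and "/".
var strictPath = regexp.MustCompile(`^/[A-Za-z0-9_/-]*$`)

// ingress is the subset of a networking.k8s.io/v1 Ingress needed for the audit.
type ingress struct {
	Metadata struct{ Namespace, Name string }
	Spec     struct {
		Rules []struct {
			Host string
			HTTP struct{ Paths []struct{ Path, PathType string } }
		}
	}
}

// Constructed sample manifest (JSON form), not taken from a real cluster.
const sampleIngress = `{"metadata":{"namespace":"shop","name":"web"},"spec":{"rules":[{"host":"shop.example.test","http":{"paths":[
 {"path":"/api/v1","pathType":"Prefix"}, {"path":"/static_files/img-1","pathType":"Exact"},
 {"path":"/app(/|$)(.*)","pathType":"Prefix"}, {"path":"/files/report.pdf","pathType":"Exact"},
 {"path":"/legacy/.*","pathType":"ImplementationSpecific"}]}}]}}`

// AuditIngress lists the Exact/Prefix paths that the strict rule would reject.
// Other path types are skipped because the rule above applies only to Exact and Prefix.
func AuditIngress(manifest []byte) ([]string, error) {
	var ing ingress
	if err := json.Unmarshal(manifest, &ing); err != nil {
		return nil, err
	}
	var findings []string
	for _, r := range ing.Spec.Rules {
		for _, p := range r.HTTP.Paths {
			strict := p.PathType == "Exact" || p.PathType == "Prefix"
			if strict && !strictPath.MatchString(p.Path) {
				findings = append(findings, fmt.Sprintf("%s/%s host=%s pathType=%s path=%q", ing.Metadata.Namespace, ing.Metadata.Name, r.Host, p.PathType, p.Path))
			}
		}
	}
	return findings, nil
}

func main() { fmt.Println(AuditIngress([]byte(sampleIngress))) }
```

Feeding it the JSON output of each Ingress in a cluster gives a list of objects whose paths need to change, or move to another path type, under the stricter check.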