Hacking News Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

Hacking News Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes - Printable Version

+- (https://hackmyride.com/forum)
+-- Forum: Automotive Hacking (https://hackmyride.com/forum/forumdisplay.php?fid=211)
+--- Forum: News (https://hackmyride.com/forum/forumdisplay.php?fid=278)
+---- Forum: The Hacker News (https://hackmyride.com/forum/forumdisplay.php?fid=279)
+---- Thread: Hacking News Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes (/showthread.php?tid=9790)

Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes - The Hacker News - 10-30-2023

Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster.
The vulnerabilities are as follows -

CVE-2022-4886 (CVSS score: 8.8) - Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller
CVE-2023-5043 (

https://thehackernews.com/2023/10/urgent-new-security-flaws-discovered-in.html