Latest NGINX Ingress Controller vulnerability
Today, three vulnerabilities in the NGINX Ingress Controller for Kubernetes were disclosed, as described in this article from The Hacker News. These vulnerabilities have CVSS scores ranging from 7.6 to 8.8; all of these scores are considered high.
These vulnerabilities have been designated as CVE-2022-4886, CVE-2023-5043, and CVE-2023-5044. Successful exploitation of one of these vulnerabilities could allow an attacker to execute arbitrary commands or steal the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
What is the impact?
Upon successful exploitation, depending on configuration, attackers may be able to execute arbitrary commands or retrieve arbitrary information (including secrets) from the vulnerable service.
Are updates or workarounds available?
As of October 30th, 2023, mitigations for each vulnerability are available and documented via disclosures from the ingress-nginx project on GitHub:
How do I find potentially vulnerable NGINX Ingress Controllers with runZero?
From the Services Inventory, use the following query to locate assets running the NGINX Ingress Controller in your network that expose a web interface and which may need remediation or mitigation:
product:"NGINX Ingress Controller"
Note that this identification is based on the usage of the default NGINX Ingress Controller TLS (X.509) certificate. If a different certificate is used, detection may not work as expected. Further research into fingerprinting this software is ongoing.
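To illustrate the certificate-based identification and its blind spot, here is an added example (not runZero's fingerprint logic and not code from the ingress-nginx project) that triages certificate subject lines collected from your own endpoints. The subject common name used below is the one the ingress-nginx project sets on its self-signed default certificate; it is not stated on this page, and the function names and sample records are hypothetical.

```python
import re

# Subject CN of the self-signed certificate ingress-nginx serves when no
# default TLS secret is configured. Known from the ingress-nginx project,
# not stated on this page.
DEFAULT_CN = "Kubernetes Ingress Controller Fake Certificate"

# Matches "CN = value", "CN=value" and the legacy "/CN=value" layouts.
# Limitation: values containing "," or "/" are not handled.
_RDN = re.compile(r"(?:^|[,/])\s*([A-Za-z]+)\s*=\s*([^,/]+)")


def parse_subject(line):
    """Turn one `openssl x509 -noout -subject` line into {attr: value}."""
    body = line.strip()
    if body.lower().startswith("subject="):
        body = body[len("subject="):]
    return {k.upper(): v.strip() for k, v in _RDN.findall(body.strip())}


def uses_default_cert(subject_line):
    """True when the subject CN is the ingress-nginx default certificate's."""
    return parse_subject(subject_line).get("CN") == DEFAULT_CN


def triage(scan):
    """Split (endpoint, subject_line) pairs into flagged and unflagged."""
    flagged, unflagged = [], []
    for endpoint, subject in scan:
        (flagged if uses_default_cert(subject) else unflagged).append(endpoint)
    return flagged, unflagged


# Constructed sample: subject lines as printed by
#   openssl s_client -connect HOST:443 </dev/null 2>/dev/null | openssl x509 -noout -subject
SAMPLE_SCAN = [
    ("10.0.0.10:443", "subject=O = Acme Co, CN = Kubernetes Ingress Controller Fake Certificate"),
    ("10.0.0.11:443", "subject= /O=Acme Co/CN=Kubernetes Ingress Controller Fake Certificate"),
    # A controller fronted by an operator-supplied certificate: not flagged.
    ("10.0.0.12:443", "subject=CN = shop.example.internal"),
]

if __name__ == "__main__":
    flagged, unflagged = triage(SAMPLE_SCAN)
    print("default certificate:", flagged)
    print("needs another signal:", unflagged)
```

Endpoints in the unflagged list are not confirmed clean; they only lack this one signal, so cross-check them against cluster inventory.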