by numbsafari on 3/24/25, 9:07 PM with 21 comments
by Fizzadar on 3/24/25, 9:24 PM
by rcconf on 3/25/25, 10:29 PM
Here's a simple test:
`kubectl exec -it` a pod:
curl -k --fail https://ingress-nginx-controller-admission.ingress-nginx.svc...
If you see 400 Bad Request, that means this pod has access to the admission controller.
How easy would it be to find an avenue to make a request to the admission controller for anything running on your k8s cluster? (maybe your service takes any kind of URL and makes a request on your server...there's infinite possibilities of exploiting this.)
I am rethinking my choice in using ingress-nginx entirely, perhaps it's time to find a simpler solution that has more secure defaults.
by liveoneggs on 3/24/25, 9:36 PM
by AcidBurn on 3/24/25, 10:03 PM
by IlikeKitties on 3/24/25, 9:26 PM
> Multiple issues have been discovered in ingress-nginx that can result in arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Beyond that, it could likely be used to sniff out client secrets from other connections as well if the attacker is sophisticated enough.
by frereit on 3/25/25, 6:47 AM
> January 10, 2025 – Wiz Research reported a bypass for the proposed fix for CVE-2025-1097.
> January 12, 2025 – Kubernetes proposed a fix for CVE-2025-1974.
> January 16, 2025 – Wiz Research reported a bypass for the proposed fix for CVE-2025-1974.
> January 20, 2025 – Kubernetes proposed a fix for CVE-2025-24513.
> January 21, 2025 – Wiz Research reported a bypass for the proposed fix for CVE-2025-24513.
Lol, lmao even. [1]
[1]: https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabili...
by formerly_proven on 3/24/25, 9:39 PM
1x “just run the code, CJ”
by yimby2001 on 3/24/25, 9:31 PM