CGA-cprx-mhr8-fxm2

Published

Last updated

https://images.chainguard.dev/security/CGA-cprx-mhr8-fxm2

Package

ingress-nginx-controller-fips

Latest Update

Not affected

Aliases

CVE-2023-5044
GHSA-fp9f-44c2-cw27

Severity

7.6

High

CVSS V3

Summary

Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation

Description

A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/permanent-redirect annotation on an Ingress object (in the networking.k8s.io or extensions API group) can be used to inject arbitrary commands, and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.

References

https://nvd.nist.gov/vuln/detail/CVE-2023-5044
https://github.com/advisories/GHSA-fp9f-44c2-cw27
https://github.com/kubernetes/ingress-nginx/issues/10572
https://github.com/kubernetes/ingress-nginx
https://groups.google.com/g/kubernetes-security-announce/c/ukuYYvRNel0
https://security.netapp.com/advisory/ntap-20240307-0012
http://www.openwall.com/lists/oss-security/2023/10/25/3

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-cprx-mhr8-fxm2

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources