
CVE-2023-5043 & CVE-2024-7646: Ingress NGINX Security Vulnerabilities

Blog post from SSOJet

Post Details
Company:
Date Published:
Author: Gopal Gehlot
Word Count: 478
Company Posts That Month: 87
Language: English
Hacker News Points: -
Summary

Ingress-nginx, a widely used Kubernetes ingress controller, is affected by multiple high-severity vulnerabilities, including CVE-2023-5043 and CVE-2024-7646, which allow command injection and unauthorized access to cluster credentials through specific Ingress annotations. The vulnerabilities affect versions below v1.11.2 and pose a significant risk, particularly in multi-tenant environments where non-admin users are allowed to create Ingress objects. To mitigate them, administrators are advised to upgrade to the latest version, enable annotation validation with the --enable-annotation-validation flag, audit existing Ingress objects, and enforce strict RBAC policies. Enabling Kubernetes audit logging is also recommended so that exploitation attempts can be detected. For identity and access management, SSOJet offers SSO, MFA, and Passkey management to strengthen Kubernetes cluster security, backed by an API-first platform that provides directory sync and a range of authentication methods.

Trends Found in this Post
Trend       Post Mentions   Total Month Mentions   Posts   Companies   MoM
Kubernetes  6               1,484                  191     81          +77%