An 'IngressNightmare' haunts Kubernetes clusters
Briefly

The Ingress NGINX Controller for Kubernetes has critical vulnerabilities that allow unauthorized access to all cluster secrets. Discovered by Wiz, these vulnerabilities carry a CVSS score of 9.8, with over 43% of cloud environments at risk. The admission controller component, which validates ingress objects, is particularly vulnerable because it is accessible without authentication by default. This flaw affects over 6,500 clusters, including those in Fortune 500 companies, and leaves them susceptible to attacks from the public internet, a significant security concern for Kubernetes users.
A 'nightmare' is how Wiz describes multiple critical vulnerabilities discovered in the Ingress NGINX Controller for Kubernetes. These security flaws allow unauthorized access to all secrets in a Kubernetes cluster.
Wiz research shows that more than 41 percent of all internet-facing Kubernetes clusters use Ingress NGINX, highlighting the widespread risk of these vulnerabilities.
The core of the problem lies in the admission controller component of Ingress NGINX. This component validates incoming ingress objects before they are implemented.
By default, admission controllers are accessible over the network without authentication, which makes them an attractive target for attackers.
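A defender can check whether any admission webhook backend is exposed beyond the cluster network. The following is an added example, not code from Wiz, Techzine or the Ingress NGINX project: it cross-references webhook configurations with Services, using constructed data shaped like the output of `kubectl get validatingwebhookconfigurations -o json` and `kubectl get services -A -o json`; all object names are hypothetical.

```python
# Constructed sample data; names and namespaces are hypothetical.
WEBHOOKS = {"items": [
    {"metadata": {"name": "demo-ingress-admission"},
     "webhooks": [{"name": "validate.ingress.demo.example",
                   "clientConfig": {"service": {"namespace": "ingress-demo",
                                                "name": "demo-admission", "port": 443}}}]},
    {"metadata": {"name": "demo-policy-admission"},
     "webhooks": [{"name": "validate.policy.demo.example",
                   "clientConfig": {"service": {"namespace": "policy-demo",
                                                "name": "policy-admission", "port": 443}}}]},
]}
SERVICES = {"items": [
    {"metadata": {"namespace": "ingress-demo", "name": "demo-admission"},
     "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]}},
    {"metadata": {"namespace": "policy-demo", "name": "policy-admission"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 443}]}},
    {"metadata": {"namespace": "shop", "name": "web"},  # not a webhook backend
     "spec": {"type": "LoadBalancer", "ports": [{"port": 80}]}},
]}

# Service types that publish a port outside the cluster network.
EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}

def webhook_backends(webhook_list):
    """Map (namespace, service) -> webhook names for service-backed webhooks."""
    backends = {}
    for cfg in webhook_list.get("items", []):
        for hook in cfg.get("webhooks", []):
            svc = hook.get("clientConfig", {}).get("service")
            if svc:  # URL-based webhooks have no in-cluster Service to inspect
                backends.setdefault((svc["namespace"], svc["name"]), []).append(hook["name"])
    return backends

def exposed_admission_services(webhook_list, service_list):
    """Return admission webhook Services whose type exposes them externally."""
    backends = webhook_backends(webhook_list)
    findings = []
    for svc in service_list.get("items", []):
        key = (svc["metadata"]["namespace"], svc["metadata"]["name"])
        svc_type = svc.get("spec", {}).get("type", "ClusterIP")
        if key in backends and svc_type in EXTERNAL_TYPES:
            findings.append({"namespace": key[0], "service": key[1],
                             "type": svc_type, "webhooks": backends[key]})
    return findings

if __name__ == "__main__":
    for finding in exposed_admission_services(WEBHOOKS, SERVICES):
        print(finding)
```

A `ClusterIP` Service passes this check but is still reachable from any pod inside the cluster unless a NetworkPolicy restricts it, so an empty result covers external exposure only.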
Read at Techzine Global