Wiz has discovered critical vulnerabilities in the admission controller of Ingress-Nginx Controller, exposing more than 6,000 Kubernetes deployments to possible takeovers. The admission controller is pivotal as it processes ingress objects, translating them to an Nginx configuration. This configuration manages external traffic, essential for allowing outside access to Kubernetes applications. However, improper handling of configurations by Ingress-Nginx could enable attackers to inject malicious configurations, jeopardizing the security of Kubernetes clusters. The findings stress the importance of safeguarding web server configurations to prevent abuse.
"Our team found a vulnerability in this phase that allows injecting an arbitrary Nginx configuration remotely, by sending a malicious ingress object directly to the admission controller through the network."