#IngressNightmare: Wiz Research uncovers a critical vulnerability in Ingress-NGINX 🚨
Wiz Research found a novel attack vector in one of Kubernetes's most fundamental projects, Ingress-NGINX, which is rated CVSS 9.8.
Comments
One thing, though: I don't quite get your CVSS grading. The way I understand your text, you either need a misconfiguration (admission controller exposed to internet) or a pod compromise as a prerequisite, which would require a high complexity.
Ingress-NGINX is found in over 40% of cloud environments. If you're using this project, your infrastructure could be at risk.
This vulnerability allows attackers to gain access to all secrets across all namespaces in a Kubernetes cluster — essentially enabling a cluster takeover.
A patch is available.
Upgrade to version v1.12.1 or v1.11.5 to protect your environment.
Wiz Research has worked closely with the Kubernetes maintainers over the last couple of months to fully mitigate this attack surface.
📝 For full technical details: http://wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities