Security vulnerability discovered in Ingress controller
Key Information
- Vendor: ingress-nginx
- CVE Published: 16 August 2024
Summary
A critical vulnerability, tracked as CVE-2024-7646, has been discovered in the widely used ingress-nginx Kubernetes controller. An attacker who can create or modify Ingress objects can bypass the controller's annotation validation, which allows them to execute arbitrary commands, inject arbitrary HTTP responses, and obtain the controller's credentials; because those credentials can read every secret in the cluster, the flaw can expose all cluster secrets. To mitigate it, upgrade to ingress-nginx v1.11.2 or later, apply strict RBAC policies, use an admission controller such as a ValidatingAdmissionWebhook to validate Ingress objects before they are admitted, and enable Kubernetes audit logging so that exploitation attempts can be detected. The issue underlines the continuing need for vigilance and proactive security measures in Kubernetes environments.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters
Discover the critical security flaw in Azure Kubernetes Services, its potential impact, and Microsoft's response to protect cluster credentials.
1 month ago
New Kubernetes Vulnerability Allows Attackers to Access Clusters Remotely
A critical vulnerability, tracked as CVE-2024-7646, has been uncovered in the widely used ingress-nginx Kubernetes controller.
1 month ago
Timeline
- Exploit exists.
- First article discovered by CybersecurityNews.
- Vulnerability published.