8.8
CWE
74 20
Advisory Published
CVE Published
Advisory Published
Updated

CVE-2023-5043: Ingress nginx annotation injection causes arbitrary command execution

First published: Wed Oct 25 2023(Updated: )

### Issue Details A security issue was identified in ingress-nginx where the nginx.ingress.kubernetes.io/configuration-snippet annotation on an Ingress object (in the networking.k8s.io or extensions API group) can be used to inject arbitrary commands, and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. This issue has been rated High (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L), and assigned CVE-2023-5043. ### Affected Components and Configurations This bug affects ingress-nginx. If you do not have ingress-nginx installed on your cluster, you are not affected. You can check this by running kubectl get po -n ingress-nginx. If you are running the “chrooted” ingress-nginx controller introduced in v1.2.0 (gcr.io/k8s-staging-ingress-nginx/controller-chroot), command execution is possible but credential extraction is not, so the High severity does not apply. Multi-tenant environments where non-admin users have permissions to create Ingress objects are most affected by this issue. #### Affected Versions <v1.9.0 #### Versions allowing mitigation v1.9.0 ### Mitigation Ingress Administrators should set the --enable-annotation-validation flag to enforce restrictions on the contents of ingress-nginx annotation fields. ### Detection If you find evidence that this vulnerability has been exploited, please contact security@kubernetes.io ### Additional Details See ingress-nginx Issue [#10571](https://github.com/kubernetes/ingress-nginx/issues/10571) for more details. ### Acknowledgements This vulnerability was reported by suanve Thank You, CJ Cullen on behalf of the Kubernetes Security Response Committee

Credit: jordan@liggitt.net jordan@liggitt.net

Affected SoftwareAffected VersionHow to fix
go/k8s.io/ingress-nginx<1.9.0
1.9.0
Kubernetes ingress-nginx<1.9.0
<1.9.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2023-5043?

    CVE-2023-5043 is a vulnerability in Kubernetes Ingress nginx that allows for arbitrary command execution through annotation injection.

  • How severe is CVE-2023-5043?

    CVE-2023-5043 has a severity rating of 8.8 (high).

  • Which version of Kubernetes Ingress nginx is affected by CVE-2023-5043?

    Kubernetes Ingress nginx version up to and exclusive of 1.9.0 is affected by CVE-2023-5043.

  • How can I fix CVE-2023-5043?

    To fix CVE-2023-5043, update Kubernetes Ingress nginx to a version higher than 1.9.0.

  • Where can I find more information about CVE-2023-5043?

    You can find more information about CVE-2023-5043 at the following references: [link1], [link2], [link3].

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203