OK it requires access to the pod network. Bad, but not <i>that</i>. Here’s the 9.8: <a href="https://github.com/kubernetes/kubernetes/issues/131009" rel="nofollow">https://github.com/kubernetes/kubernetes/issues/131009</a>
I am a little confused about the comment section about this being overblown; it really isn't. Ignore all the comments in this post and fix this ASAP.<p>Here's a simple test:<p>`kubectl exec -it` a pod:<p>curl -k --fail <a href="https://ingress-nginx-controller-admission.ingress-nginx.svc.cluster.local" rel="nofollow">https://ingress-nginx-controller-admission.ingress-nginx.svc.cluster.local</a><p>If you see 400 Bad Request, that means this pod has access to the admission controller.<p>How easy would it be to find an avenue to make a request to the admission controller for anything running on your k8s cluster? (Maybe your service takes any kind of URL and makes a request on your server... there are infinite possibilities for exploiting this.)<p>I am rethinking my choice in using ingress-nginx entirely; perhaps it's time to find a simpler solution that has more secure defaults.
This seems overblown, because configuring your ingress controllers and annotating your pods is like "I copy and pasted bash | sudo", but controllers in k8s are a totally insane pattern, so I guess any of them could steal/do a lot of evil, really.
That's quite a terrifying CVE.<p>> Multiple issues have been discovered in ingress-nginx that can result in arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)<p>Beyond that, it could likely be used to sniff out client secrets from other connections as well if the attacker is sophisticated enough.
> January 9, 2025 – Kubernetes proposed a fix for CVE-2025-1097.<p>> January 10, 2025 – Wiz Research reported a bypass for the proposed fix for CVE-2025-1097.<p>> January 12, 2025 – Kubernetes proposed a fix for CVE-2025-1974.<p>> January 16, 2025 – Wiz Research reported a bypass for the proposed fix for CVE-2025-1974.<p>> January 20, 2025 – Kubernetes proposed a fix for CVE-2025-24513.<p>> January 21, 2025 – Wiz Research reported a bypass for the proposed fix for CVE-2025-24513.<p>Lol, lmao even. [1]<p>[1]: <a href="https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities" rel="nofollow">https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities</a>