CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass

A new Kubernetes vulnerability affecting the ingress-nginx controller, CVE-2024-7646, allows malicious actors to bypass annotation validation and potentially gain unauthorized access to sensitive cluster resources. The vulnerability has a CVSS v3.1 base score of 8.8 (High), indicating the potential for significant impact on confidentiality, integrity, and availability of affected systems. It is crucial to upgrade to ingress-nginx controller v1.11.2 or later, audit existing Ingress objects for suspicious annotations, limit who can create and modify Ingress objects, enable Kubernetes audit logging, and implement `ValidatingAdmissionWebhooks` to enforce stricter validation.
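
One way to run the audit of existing Ingress objects mentioned above, as an added example that is not from the original post or the ingress-nginx project: it reads JSON shaped like the output of `kubectl get ingress --all-namespaces -o json` and flags `nginx.ingress.kubernetes.io/` annotations whose values contain control characters other than newline and tab. Treating those characters as "suspicious" is this example's assumption, and the function name and sample objects are constructed for illustration.

```python
import json

NGINX_PREFIX = "nginx.ingress.kubernetes.io/"
# Multi-line snippet annotations legitimately contain newlines and tabs.
ALLOWED_CONTROL = {"\n", "\t"}


def audit_ingress_annotations(ingress_list_json):
    """Return (namespace, name, annotation key, chars) for each flagged value.

    Heuristic (an assumption of this example): any control character other
    than newline or tab inside an ingress-nginx annotation value is worth a
    manual review.
    """
    findings = []
    for item in json.loads(ingress_list_json).get("items", []):
        meta = item.get("metadata", {})
        for key, value in (meta.get("annotations") or {}).items():
            if not key.startswith(NGINX_PREFIX):
                continue
            bad = sorted({c for c in str(value)
                          if (ord(c) < 0x20 or ord(c) == 0x7F)
                          and c not in ALLOWED_CONTROL})
            if bad:
                findings.append((meta.get("namespace", "default"),
                                 meta.get("name", "?"),
                                 key, [repr(c) for c in bad]))
    return findings


# Constructed sample input; on a live cluster, feed the function the output of
# `kubectl get ingress --all-namespaces -o json` instead.
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "prod", "name": "web", "annotations": {
        "nginx.ingress.kubernetes.io/rewrite-target": "/"}}},
    {"metadata": {"namespace": "prod", "name": "docs", "annotations": {
        "nginx.ingress.kubernetes.io/configuration-snippet":
            "proxy_set_header X-Request-Source edge;\n"}}},
    {"metadata": {"namespace": "staging", "name": "legacy-api", "annotations": {
        "nginx.ingress.kubernetes.io/rewrite-target": "/app\r"}}},
    {"metadata": {"namespace": "staging", "name": "no-annotations"}},
]})

if __name__ == "__main__":
    for ns, name, key, chars in audit_ingress_annotations(SAMPLE):
        print(f"{ns}/{name}: {key} contains control characters {chars}")
```

A hit is a prompt for manual review of that Ingress and of who created it, not proof of compromise.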

