An issue with discussion: https://github.com/kubernetes/ingress-nginx/issues/7837
The only fix so far is removing the feature.
> According to the publication, multi-tenant environments where non-admin users have permissions to create Ingress objects are most affected by this issue.
Ouch! I guess this means lots of secret/password rotations for k8s admins coming soon. I've always wondered if there are public Kubernetes multi-tenant setups in the wild rather than just ones with admins and developer roles/namespaces.
You can use Kubescape (open source) to check if you are vulnerable. https://github.com/armosec/kubescape