all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

Add to bookmarks
Oct. 30, 2023, 6:46 a.m. | info@thehackernews.com (The Hacker News)

The Hacker News thehackernews.com

Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster.
The vulnerabilities are as follows - 

CVE-2022-4886 (CVSS score: 8.8) - Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller
CVE-2023-5043 (

actor cluster controller credentials cve cvss flaws high kubernetes nginx path score secret security security flaws severity steal threat threat actor unpatched urgent vulnerabilities

Visit resource

More from thehackernews.com / The Hacker News

Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components an hour ago | thehackernews.com
access account android android devices +20
New 'Cuckoo' Persistent macOS Spyware Targeting Intel and Arm Macs 3 hours ago | thehackernews.com
act apple apple macos arm +19
Microsoft Outlook Flaw Exploited by Russia's APT28 to Hack Czech, German Entities 2 days, 2 hours ago | thehackernews.com
actor apt28 campaign cyber +24
Expert-Led Webinar - Uncovering Latest DDoS Tactics and Learn How to Fight Back 2 days, 22 hours ago | thehackernews.com
address attacks back business +22
Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications 2 days, 22 hours ago | thehackernews.com
abusing aim amp api +25
New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data 3 days ago | thehackernews.com
address applications business corporate +15
NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources 3 days, 1 hour ago | thehackernews.com
advisory agency alert cybersecurity +22
Google Announces Passkeys Adopted by Over 400 Million Accounts 3 days, 4 hours ago | thehackernews.com
accounts easy fingerprint google +8
Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks 3 days, 6 hours ago | thehackernews.com
address aruba aruba networks arubaos +34

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Head of Security Operations

@ Canonical Ltd. | Home based - Americas, EMEA
View on infosec-jobs.com

Security Specialist

@ Lely | Maassluis, Netherlands
View on infosec-jobs.com

Senior Cyber Incident Response (Hybrid)

@ SmartDev | Cầu Giấy, Vietnam
View on infosec-jobs.com

Sr Security Engineer - Colombia

@ Nubank | Colombia, Bogota
View on infosec-jobs.com

Security Engineer, Investigations - i3

@ Meta | Menlo Park, CA | Washington, DC | Remote, US
View on infosec-jobs.com

Cyber Security Engineer

@ ASSYSTEM | Bridgwater, United Kingdom
View on infosec-jobs.com
View more jobs