this post was submitted on 25 Mar 2025
[–] [email protected] 5 points 19 hours ago

The good news is that Wiz disclosed this mess to the developers overseeing Kubernetes in December 2024 and January 2025, and that fixes for five CVEs – collectively dubbed IngressNightmare by Wiz – were issued on March 10, with the details under embargo until now.

Nginx Controller version 1.12.1 and 1.11.5 fix the flaws – and they are available to download at this link.

Quick reference to find out what version ingress-nginx you're running:

$ kubectl exec -it -n NAMESPACE INGRESS_NGINX_CONTROLLER_POD -- /nginx-ingress-controller --version
-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:       v1.11.2
  Build:         46e76e5916813cfca2a9b0bfdc34b69a0000f6b9
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: nginx/1.25.5

-------------------------------------------------------------------------------

🙁
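A version check in the spirit of that quick reference, as an added example that is not the commenter's own: it parses the `Release:` line of the controller's `--version` output (a constructed sample is embedded so it runs without a cluster) and compares it against the fixed releases named above, 1.11.5 for the 1.11 line and 1.12.1 for the 1.12 line. The helper names and the three result labels are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): classify an ingress-nginx release
# against the fixed versions named in the comment (v1.11.5, v1.12.1).

# Constructed sample of `/nginx-ingress-controller --version` output,
# embedded so the script needs no kubectl access.
SAMPLE_OUTPUT='-------------------------------------------------------------------------------
NGINX Ingress controller
  Release:       v1.11.2
  Build:         46e76e5916813cfca2a9b0bfdc34b69a0000f6b9
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: nginx/1.25.5
-------------------------------------------------------------------------------'

# extract_release OUTPUT: print "X.Y.Z" from the "Release: vX.Y.Z" line.
extract_release() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*Release:[[:space:]]*v\{0,1\}\([0-9][0-9.]*\).*/\1/p'
}

# version_ge A B: succeed when dotted version A >= B, field by field.
version_ge() {
    i=1
    while [ "$i" -le 3 ]; do
        a=$(printf '%s\n' "$1" | cut -s -d. -f"$i"); a=${a:-0}
        b=$(printf '%s\n' "$2" | cut -s -d. -f"$i"); b=${b:-0}
        [ "$a" -gt "$b" ] && return 0
        [ "$a" -lt "$b" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# fixed_for_line X.Y: the patched release for that minor line (per the comment).
fixed_for_line() {
    case "$1" in
        1.11) echo 1.11.5 ;;
        1.12) echo 1.12.1 ;;
        *)    echo "" ;;
    esac
}

# check_release X.Y.Z: prints "fixed", "vulnerable", or "not-covered" when the
# release is on a line for which the comment names no fixed version.
check_release() {
    fixed=$(fixed_for_line "$(printf '%s\n' "$1" | cut -d. -f1,2)")
    [ -z "$fixed" ] && { echo not-covered; return 0; }
    if version_ge "$1" "$fixed"; then echo fixed; else echo vulnerable; fi
}

release=$(extract_release "$SAMPLE_OUTPUT")
echo "ingress-nginx release $release: $(check_release "$release")"
```

In practice, feed the real output of the `kubectl exec ... --version` command above into `extract_release` instead of the sample.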

[–] [email protected] 6 points 21 hours ago (1 children)

[...] a specially-crafted Ingress object can cause nginx to misbehave in various ways, including revealing the values of Secrets that are accessible to ingress-nginx. By default, ingress-nginx has access to all Secrets cluster-wide, [...]

Holy crap, what if I'm gonna be home for a couple of days?

[–] [email protected] 4 points 20 hours ago

Yeah, whatever you were planning on doing, you're doing this instead.

[–] [email protected] 3 points 21 hours ago

I've found a few exposed /metrics for Kubernetes stuff because their IP poked my honeypot. I'd assume they've been hacked and turned into a botnet or something.

[–] [email protected] 0 points 21 hours ago (1 children)
[–] [email protected] 0 points 16 hours ago (1 children)

That's Docker, not Kubernetes.