Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
No PoCs from references.
- https://github.com/ARPSyndicate/cvemon
- https://github.com/EGI-Federation/SVG-advisories
- https://github.com/FishAnonymous/CAShift-Record
- https://github.com/cloud-Xolt/CVE
- https://github.com/cruise-automation/k-rail
- https://github.com/kajogo777/kubernetes-misconfigured
- https://github.com/khu-capstone-design/kubernetes-vulnerability-investigation
- https://github.com/mnbf9rca/kubernetes_config
- https://github.com/noirfate/k8s_debug
- https://github.com/ruben-rodriguez/micro-frontends-in-k8s