Unpatched NGINX ingress controller bugs can be abused to steal Kubernetes cluster secrets

October 30, 2023 at 04:09PM

Three high-severity bugs in the NGINX ingress controller for Kubernetes have been identified. These vulnerabilities, listed as CVE-2023-5043, CVE-2023-5044, and CVE-2022-4886, can potentially enable attackers to steal credentials and other sensitive information from Kubernetes clusters. The flaws have yet to be patched and it is unknown if they have been …

Urgent: New Security Flaws Discovered in NGINX Ingress Controller for Kubernetes

October 30, 2023 at 03:18AM

Unpatched security flaws have been discovered in the NGINX Ingress controller for Kubernetes. These vulnerabilities (CVE-2022-4886, CVE-2023-5043, CVE-2023-5044) could allow threat actors to steal secret credentials, execute arbitrary commands, and inject code into the ingress controller. Mitigations have been released, but updating NGINX and enabling strict path validation is recommended. …

Organizations Respond to HTTP/2 Zero-Day Exploited for DDoS Attacks

October 11, 2023 at 08:24AM

Tech companies including Cloudflare, AWS, and Google have responded to the HTTP/2 zero-day vulnerability that led to massive distributed denial-of-service attacks. The attacks exploited the HTTP/2 Rapid Reset feature, resulting in servers being taken down. Organizations like CISA, Microsoft, NGINX, F5, Netty, Apache, Swift, and Linux distributions have issued advisories …