nginx

ingress

tools

penetration-testing

Exploit Code for Ingress Nginx CVE-2023-5044

18 January 2024

I was delivering a Kubernetes Security Review this week and the cluster was running version 1.7 of the ingress-nginx controller. This is affected by a few CVEs but notably CVE-2023-5044. This is a quick post about a PoC tool I’ve released to exploit it.

Background

CVE-2023-5044 allows for …

Read