Ingress Nginx
CVE-2023-5043
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Ingress nginx annotation injection causes arbitrary command execution.
AnalysisAI
Ingress nginx annotation injection causes arbitrary command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. Ingress nginx annotation injection causes arbitrary command execution. Affected products include: Kubernetes Ingress-Nginx.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Ingress Nginx
View allA security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the cust
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. Rated high severity (CVSS 8.8), this vulne
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and t
Same weakness CWE-20 – Improper Input Validation
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today