Vulnerabilities in ingress-nginx that allow Kubernetes clusters to be compromised

Three vulnerabilities have been identified in the ingress-nginx controller developed by the Kubernetes project. In the default configuration they allow access to the settings of the Ingress object, which, among other things, store the credentials for accessing Kubernetes servers, and so allow privileged access to the cluster. The problems appear only in the ingress-nginx controller from the Kubernetes project and do not affect the kubernetes-ingress controller developed by the NGINX developers.

The ingress controller acts as a gateway and is used in Kubernetes to organize access from the external network to services inside the cluster. The ingress-nginx controller is the most popular one and uses the NGINX server to forward requests to the cluster, route external requests, and balance load. The Kubernetes project provides base ingress controllers for AWS, GCE, and nginx, the last of which is unrelated to the kubernetes-ingress controller maintained by F5/NGINX.

Vulnerabilities CVE-2023-5043 and CVE-2023-5044 allow code to be executed on the server with the rights of the ingress controller process, using the "nginx.ingress.kubernetes.io/configuration-snippet" and "nginx.ingress.kubernetes.io/permanent-redirect" parameters to substitute it. Among other things, the access rights obtained make it possible to retrieve the token used for authentication at the cluster management level. Vulnerability CVE-2022-4886 allows file path verification to be bypassed using the log_format directive.

The first two vulnerabilities appear only in ingress-nginx releases before 1.9.0, and the last one in releases before 1.8.0. To carry out an attack, the attacker must have access to the configuration of an Ingress object, for example in multi-tenant Kubernetes clusters, where users are given the ability to create objects in their own namespace.
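An audit along the lines of the paragraph above, as an added example that is not part of the original article or of the ingress-nginx project: it checks a controller release tag against the version thresholds given here and lists Ingress objects that use the two named annotations. The function names, the sample objects and the assumption that the controller tag is a plain release string such as `v1.8.4` are illustrative.

```python
import json
import sys

# Annotations the article names for CVE-2023-5043 and CVE-2023-5044.
NAMED_ANNOTATIONS = (
    "nginx.ingress.kubernetes.io/configuration-snippet",
    "nginx.ingress.kubernetes.io/permanent-redirect",
)
# Releases before these versions are affected, per the article.
AFFECTED_BEFORE = {"CVE-2023-5043": (1, 9, 0), "CVE-2023-5044": (1, 9, 0),
                   "CVE-2022-4886": (1, 8, 0)}

def parse_version(tag):
    """'v1.8.4' -> (1, 8, 4), '1.8' -> (1, 8, 0). Assumes a plain release tag."""
    nums = [int(p) for p in tag.strip().lstrip("v").split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def applicable_cves(controller_tag):
    """CVEs from the article that affect this controller release."""
    ver = parse_version(controller_tag)
    return sorted(cve for cve, limit in AFFECTED_BEFORE.items() if ver < limit)

def audit_ingresses(ingress_list):
    """List (namespace, name, annotation) for Ingresses using a named annotation."""
    findings = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        annotations = meta.get("annotations") or {}  # field may be absent or null
        for key in NAMED_ANNOTATIONS:
            if key in annotations:
                findings.append((meta.get("namespace", "default"), meta.get("name"), key))
    return findings

# Constructed sample in the shape of `kubectl get ingress -A -o json` output.
SAMPLE = {"items": [
    {"metadata": {"namespace": "team-a", "name": "web", "annotations": {
        "nginx.ingress.kubernetes.io/configuration-snippet": "more_set_headers \"X-Frame-Options: DENY\";"}}},
    {"metadata": {"namespace": "team-b", "name": "legacy", "annotations": {
        "nginx.ingress.kubernetes.io/permanent-redirect": "https://example.com/new"}}},
    {"metadata": {"namespace": "team-c", "name": "api", "annotations": {
        "nginx.ingress.kubernetes.io/rewrite-target": "/"}}},
    {"metadata": {"namespace": "team-d", "name": "plain"}},
]}

if __name__ == "__main__":
    # Optional arguments: a saved JSON file and the controller tag; defaults to the sample.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    tag = sys.argv[2] if len(sys.argv) > 2 else "v1.8.4"
    print("controller", tag, "affected by:", applicable_cves(tag) or "none listed")
    for ns, name, key in audit_ingresses(data):
        print(f"review {ns}/{name}: uses {key}")
```

A listed Ingress is a candidate for review, not proof of abuse: both annotations have legitimate uses, and what matters is who in a shared cluster is allowed to set them.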

Source: opennet.ru