Vulnerabilities in ingress-nginx that allow Kubernetes clusters to be compromised

Three vulnerabilities have been identified in the ingress-nginx controller developed by the Kubernetes project. In the default configuration they allow an attacker who can edit Ingress objects to inject code into the controller's generated configuration and run it with the privileges of the controller process, which, among other things, holds the credentials the controller uses to talk to the Kubernetes API server, and so to obtain privileged access to the cluster. The problems affect only the ingress-nginx controller from the Kubernetes project; the separate kubernetes-ingress controller developed by the NGINX developers is not affected.

An ingress controller acts as a gateway and is used in Kubernetes to expose services inside the cluster to the external network. ingress-nginx is the most widely used ingress controller; it uses the NGINX server to proxy requests into the cluster, route external requests, and balance load. The Kubernetes project provides core ingress controllers for AWS, GCE, and nginx, the last of which is unrelated to the separate kubernetes-ingress controller maintained by F5/NGINX.


Vulnerabilities CVE-2023-5043 and CVE-2023-5044 allow arbitrary code to be executed on the server with the privileges of the ingress controller process, by injecting it through the "nginx.ingress.kubernetes.io/configuration-snippet" and "nginx.ingress.kubernetes.io/permanent-redirect" annotations, respectively. Among other things, the access obtained this way allows the attacker to extract the token the controller uses to authenticate to the cluster control plane. Vulnerability CVE-2022-4886 allows the controller's file path sanitization to be bypassed using the log_format directive.

The first two vulnerabilities affect only ingress-nginx releases before version 1.9.0, and the last one releases before version 1.8.0. To carry out an attack, the attacker must be able to create or modify Ingress objects, which is the case, for example, in multi-tenant Kubernetes clusters where users are allowed to create objects in their own namespace.
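Since the precondition is write access to Ingress objects in any namespace, the practical first step on an unpatched cluster is to find out which Ingress objects already carry the two annotations named above and whether the controller still accepts snippet annotations at all. The audit below is an added example, not code from the page or from the ingress-nginx project. It reads the JSON that `kubectl get ingress -A -o json` and `kubectl get configmap <controller-configmap> -n ingress-nginx -o json` produce; the Ingress list and ConfigMap embedded here are constructed for illustration. Beyond the two CVE annotations it also flags every other `*-snippet` annotation under the `nginx.ingress.kubernetes.io/` prefix (an assumption of this example: they share the same injection surface, because they all feed raw text into the generated nginx.conf), and it treats an absent `allow-snippet-annotations` key as "enabled", which is the conservative reading for the affected releases.

```python
"""Audit Ingress objects for annotations abused by CVE-2023-5043 / CVE-2023-5044.

Added example, not code from the ingress-nginx project.  Input is the JSON that
`kubectl get ingress -A -o json` produces (a List with "items"), and the JSON of
the controller ConfigMap.  All sample objects below are constructed.
"""
import json

NGINX_PREFIX = "nginx.ingress.kubernetes.io/"

# Annotations named in the advisories, mapped to the CVE they were abused in.
RISKY_ANNOTATIONS = {
    NGINX_PREFIX + "configuration-snippet": "CVE-2023-5043",
    NGINX_PREFIX + "permanent-redirect": "CVE-2023-5044",
}

# Assumption of this example: every other *-snippet annotation (server-snippet,
# stream-snippet, ...) is treated as the same injection surface as CVE-2023-5043.
SNIPPET_SUFFIX = "-snippet"


def audit_ingresses(ingress_list_json: str) -> list[dict]:
    """Return one finding per risky annotation found across all Ingress objects."""
    findings = []
    for item in json.loads(ingress_list_json).get("items", []):
        meta = item.get("metadata") or {}
        annotations = meta.get("annotations") or {}
        for key, value in annotations.items():
            reason = RISKY_ANNOTATIONS.get(key)
            if reason is None and key.startswith(NGINX_PREFIX) and key.endswith(SNIPPET_SUFFIX):
                reason = "snippet annotation (same injection surface as CVE-2023-5043)"
            if reason is None:
                continue
            findings.append({
                "namespace": meta.get("namespace", "default"),
                "name": meta.get("name"),
                "annotation": key,
                "reason": reason,
                # Only a preview: the raw value is attacker-controlled text.
                "value_preview": str(value)[:60],
            })
    return findings


def snippets_allowed(configmap_json: str) -> bool:
    """True if the controller ConfigMap still permits snippet annotations.

    `allow-snippet-annotations` is the real ingress-nginx ConfigMap key.  When the
    key is absent we assume snippets are enabled (conservative for pre-1.9.0).
    """
    data = json.loads(configmap_json).get("data") or {}
    return str(data.get("allow-snippet-annotations", "true")).strip().lower() == "true"


# Constructed sample: three tenants, two of them using the CVE annotations, one
# using server-snippet, one using only a harmless rewrite-target.
SAMPLE_INGRESS_LIST = json.dumps({
    "apiVersion": "v1",
    "kind": "List",
    "items": [
        {"metadata": {"name": "web", "namespace": "tenant-a", "annotations": {
            NGINX_PREFIX + "configuration-snippet": 'more_set_headers "X-Demo: 1";'}}},
        {"metadata": {"name": "legacy", "namespace": "tenant-b", "annotations": {
            NGINX_PREFIX + "permanent-redirect": "https://example.org/"}}},
        {"metadata": {"name": "stream", "namespace": "tenant-c", "annotations": {
            NGINX_PREFIX + "server-snippet": "client_max_body_size 8m;"}}},
        {"metadata": {"name": "api", "namespace": "tenant-d", "annotations": {
            NGINX_PREFIX + "rewrite-target": "/"}}},
    ],
})

# Constructed sample ConfigMap in the pre-1.9.0 default state.
SAMPLE_CONTROLLER_CONFIGMAP = json.dumps({
    "apiVersion": "v1",
    "kind": "ConfigMap",
    "metadata": {"name": "ingress-nginx-controller", "namespace": "ingress-nginx"},
    "data": {"allow-snippet-annotations": "true"},
})


def report(ingress_list_json: str, configmap_json: str) -> str:
    """Human-readable summary suitable for a CI gate or a one-off audit."""
    lines = []
    if snippets_allowed(configmap_json):
        lines.append("controller ConfigMap: allow-snippet-annotations is enabled "
                     "(set it to \"false\" if you cannot upgrade to >= 1.9.0)")
    for f in audit_ingresses(ingress_list_json):
        lines.append(f"{f['namespace']}/{f['name']}: {f['annotation']} -> {f['reason']}")
    return "\n".join(lines) if lines else "no risky annotations found"


if __name__ == "__main__":
    print(report(SAMPLE_INGRESS_LIST, SAMPLE_CONTROLLER_CONFIGMAP))
```

In a real cluster, pipe `kubectl get ingress -A -o json` and the controller ConfigMap JSON into `report()`; a non-empty finding list from a tenant namespace is exactly the situation the last paragraph describes, and the ConfigMap check tells you whether disabling snippets is still outstanding while the upgrade to 1.9.0 is pending.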

Source: opennet.ru
