Vulnerabilities in ingress-nginx that allow Kubernetes clusters to be compromised

Three vulnerabilities have been identified in the ingress-nginx controller developed by the Kubernetes project. In the default configuration, they allow access to the settings of the Ingress object, which, among other things, stores credentials for accessing the Kubernetes servers, allowing privileged access to the cluster. The problems appear only in the ingress-nginx controller from the Kubernetes project and do not affect the kubernetes-ingress controller developed by the NGINX developers.

The ingress controller acts as a gateway and is used in Kubernetes to organize access from the external network to services inside the cluster. The ingress-nginx controller is the most popular one and uses the NGINX server to forward requests to the cluster, route external requests, and balance load. The Kubernetes project provides core ingress controllers for AWS, GCE, and nginx, the last of which is in no way related to the kubernetes-ingress controller maintained by F5/NGINX.

The vulnerabilities CVE-2023-5043 and CVE-2023-5044 allow code to be executed on the server with the rights of the ingress controller process, using the "nginx.ingress.kubernetes.io/configuration-snippet" and "nginx.ingress.kubernetes.io/permanent-redirect" parameters to substitute it. Among other things, the access rights obtained make it possible to retrieve the token used for authentication at the cluster management level. The vulnerability CVE-2022-4886 allows file path verification to be bypassed using the log_format directive.

The first two vulnerabilities appear only in ingress-nginx releases before version 1.9.0, and the last one only before version 1.8.0. To carry out an attack, the attacker must have access to the configuration of the Ingress object, for example in multi-tenant Kubernetes clusters, where users are given the ability to create objects in their own namespace.
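An exposure inventory built from the details above, as an added example that is not from the original article or the ingress-nginx project: it reads the JSON produced by `kubectl get ingress -A -o json`, flags objects that carry the two annotations named above, and reports a finding only when the controller version is older than the fixed version the article gives. The sample objects, the function names, and the `log_format` check on the Ingress path field are assumptions constructed for illustration.

```python
import json

# Fixed-in versions as stated in the article.
FIXED = {"CVE-2023-5043": (1, 9, 0), "CVE-2023-5044": (1, 9, 0), "CVE-2022-4886": (1, 8, 0)}
# Annotations the article names as the injection points.
RISKY = {
    "nginx.ingress.kubernetes.io/configuration-snippet": "CVE-2023-5043",
    "nginx.ingress.kubernetes.io/permanent-redirect": "CVE-2023-5044",
}

def parse_version(tag):
    """'v1.8.4', '1.8.4' or '1.9' -> (1, 8, 4) / (1, 9, 0)."""
    parts = [int(p) for p in tag.lstrip("v").split("-")[0].split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def affected_cves(controller_version):
    """CVEs from the article that still apply to this controller version."""
    v = parse_version(controller_version)
    return sorted(cve for cve, fixed in FIXED.items() if v < fixed)

def audit(ingress_list, controller_version):
    """Return (namespace, name, cve, detail) for Ingress objects worth reviewing."""
    live = set(affected_cves(controller_version))
    findings = []
    for item in ingress_list.get("items", []):
        meta = item.get("metadata", {})
        ns, name = meta.get("namespace", "default"), meta.get("name", "?")
        for key, cve in RISKY.items():
            if cve in live and key in (meta.get("annotations") or {}):
                findings.append((ns, name, cve, key))
        # Assumption: the path check bypassed via log_format is the Ingress path field.
        for rule in (item.get("spec") or {}).get("rules") or []:
            for p in (rule.get("http") or {}).get("paths") or []:
                if "CVE-2022-4886" in live and "log_format" in p.get("path", ""):
                    findings.append((ns, name, "CVE-2022-4886", "spec path"))
    return findings

# Constructed sample in the shape of `kubectl get ingress -A -o json` output.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"name": "shop", "namespace": "tenant-a", "annotations":
   {"nginx.ingress.kubernetes.io/permanent-redirect": "https://example.invalid/"}},
  "spec": {"rules": [{"http": {"paths": [{"path": "/"}]}}]}},
 {"metadata": {"name": "blog", "namespace": "tenant-b"},
  "spec": {"rules": [{"http": {"paths": [{"path": "/blog"}]}}]}}
]}""")

if __name__ == "__main__":
    for finding in audit(SAMPLE, "v1.8.4"):
        print(finding)
```

A finding means a tenant-controlled object uses an affected feature on an unpatched controller; it marks the object for review, not as proof of abuse.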

Source: opennet.ru
