Kusilawuli se-ingress-nginx esathuthukiswe iphrojekthi ye-Kubernetes, kukhonjwe ubungozi obuthathu obuvumela, ekucushweni okuzenzakalelayo, ukufinyelela kuzilungiselelo zento ye-Ingress, okuthi, phakathi kwezinye izinto, igcine izifakazelo zokufinyelela amaseva e-Kubernetes, okuvumela ukufinyelela okunelungelo. kuqoqo. Izinkinga zivela kuphela kusilawuli se-ingress-nginx kusukela kuphrojekthi ye-Kubernetes futhi asithinti isilawuli se-kubernetes-ingress esakhiwe abathuthukisi be-NGINX.
Isilawuli sokungena sisebenza njengesango futhi sisetshenziswa ku-Kubernetes ukuhlela ukufinyelela kusuka kunethiwekhi yangaphandle kuya kumasevisi ngaphakathi kweqoqo. Isilawuli se-ingress-nginx yisona esithandwa kakhulu futhi sisebenzisa iseva ye-NGINX ukudlulisa izicelo ku-cluster, umzila wezicelo zangaphandle, kanye nebhalansi yokulayisha. Iphrojekthi ye-Kubernetes ihlinzeka ngezilawuli eziyinhloko zokungena ze-AWS, GCE, ne-nginx, ezokugcina ezingahlobene neze nesilawuli se-kubernetes-ingress esinakekelwa yi-F5/NGINX.
Ubungozi be-CVE-2023-5043 kanye ne-CVE-2023-5044 bukuvumela ukuthi usebenzise ikhodi yakho kuseva ngamalungelo enqubo yesilawuli sokungena, usebenzisa i-βnginx.ingress.kubernetes.io/configuration-snippetβ kanye ne-βnginx.ingress .kubernetesβ izinhlaka zokuyishintsha .io/permanent-redirect." Phakathi kwezinye izinto, amalungelo okufinyelela atholiwe akuvumela ukuthi ubuyise ithokheni esetshenziselwa ukuqinisekiswa ezingeni lokuphatha iqoqo. Ukuba sengozini kwe-CVE-2022-4886 kukuvumela ukuthi udlule ukuqinisekiswa kwendlela yefayela usebenzisa isiqondiso se-log_format.
Ubungozi obubili bokuqala buvela kuphela ekukhishweni kwe-ingress-nginx ngaphambi kwenguqulo 1.9.0, kanye neyokugcina - ngaphambi kwenguqulo 1.8.0. Ukuze enze ukuhlasela, umhlaseli kufanele abe nokufinyelela ekucushweni kwento yokungena, isibonelo, kumaqoqo e-Kubernetes abaqashile abaningi, lapho abasebenzisi banikezwa khona amandla okudala izinto endaweni yabo yamagama.
Source: opennet.ru