CVE-2023-5044Improper Input Validation in Kubernetes Ingress-nginx

CWE-20Improper Input ValidationCWE-94Code Injection8 documents6 sources
Severity
8.8HIGHNVD
CNA7.6
EPSS
9.7%
top 7.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Kubernetes Ingress-nginxK8s.io Ingress-nginx
Timeline
PublishedOct 25
Latest updateMar 27

Description

Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5kubernetes/ingress-nginx< 1.9.0

🔴Vulnerability Details

4
OSV
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in k8s.io/ingress-nginx2024-06-28
GHSA
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation2023-10-25
OSV
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation2023-10-25
CVEList
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation2023-10-25

🔍Detection Rules

2
Suricata
ET WEB_SERVER Kubernetes Ingress NGINX Controller configuration-snippet Annotation Injection (CVE-2023-5044)2025-03-27
Suricata
ET WEB_SERVER Kubernetes Ingress NGINX Controller permanent-redirect Annotation Injection (CVE-2023-5044)2025-03-27
CVE-2023-5044 — Improper Input Validation in Kubernetes | cvebase