CVE-2023-5044
HIGH
Published 2023-10-25T19:19:08.139Z
CVSS Score (v3.1): 7.6/10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Base Score Metrics
Exploitability: N/A
Impact: N/A
EPSS Score (v2025.03.14): 0.066 probability of exploitation in the wild
There is a 6.6% chance that this vulnerability will be exploited in the wild within the next 30 days.
Updated: 2025-06-25
Exploit Probability
Percentile: 0.907
Higher than 90.7% of all CVEs
Description
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
Available Exploits
No exploits available for this CVE.
Affected Products
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
✓ GitHub Reviewed
HIGH
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
GHSA-fp9f-44c2-cw27
Advisory Details
A security issue was identified in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the nginx.ingress.kubernetes.io/permanent-redirect annotation on an Ingress object (in the networking.k8s.io or extensions API group) can be used to inject arbitrary commands, and obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
Affected Packages
Ecosystem: Go
Package: k8s.io/ingress-nginx
Affected versions: ≥0, <1.9.0
CVSS Scoring
CVSS Score: 7.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
Advisory provided by GitHub Security Advisory Database. Published: October 25, 2023, Modified: February 13, 2025
Published: 2023-10-25T19:19:08.139Z
Last Modified: 2025-02-13T17:19:27.214Z