• treadful@lemmy.zip
    6 days ago

    The good news is that Wiz disclosed this mess to the developers overseeing Kubernetes in December 2024 and January 2025, and that fixes for five CVEs – collectively dubbed IngressNightmare by Wiz – were issued on March 10, with the details under embargo until now.

    Nginx Controller version 1.12.1 and 1.11.5 fix the flaws – and they are available to download at this link.

    Quick reference to find out what version ingress-nginx you’re running:

    $ kubectl exec -it -n NAMESPACE INGRESS_NGINX_CONTROLLER_POD -- /nginx-ingress-controller --version
    -------------------------------------------------------------------------------
    NGINX Ingress controller
      Release:       v1.11.2
      Build:         46e76e5916813cfca2a9b0bfdc34b69a0000f6b9
      Repository:    https://github.com/kubernetes/ingress-nginx
      nginx version: nginx/1.25.5
    
    -------------------------------------------------------------------------------
    

    🙁
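
An added example, not part of the comment above or of the ingress-nginx project: a POSIX shell helper that pulls the `Release:` line out of the `--version` output shown in the comment and compares it with the fixed versions it quotes (1.11.5 and 1.12.1). The function names are hypothetical, and the rule that the 1.11 line is fixed from 1.11.5 and everything from 1.12.1 upward is fixed is an assumption drawn from those two numbers.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of ingress-nginx.

# Read `/nginx-ingress-controller --version` output on stdin and print the
# release without its leading "v" (for example 1.11.2).
release_from_version_output() {
  awk '$1 == "Release:" { sub(/^v/, "", $2); print $2; exit }'
}

# Print "fixed", "needs-upgrade" or "unknown" for one release string.
# Assumption: 1.11.x is fixed from 1.11.5, and 1.12.1 or later is fixed.
classify_release() {
  ver=${1#v}
  # Reject anything that is not plain dotted digits (pre-release tags, typos).
  case $ver in
    ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
  esac
  IFS=. read -r major minor patch extra <<EOF
$ver
EOF
  # Require exactly three components: MAJOR.MINOR.PATCH.
  if [ -z "$patch" ] || [ -n "$extra" ]; then echo unknown; return 0; fi

  if [ "$major" -gt 1 ]; then echo fixed; return 0; fi
  if [ "$major" -lt 1 ]; then echo needs-upgrade; return 0; fi
  if [ "$minor" -gt 12 ]; then echo fixed; return 0; fi
  if [ "$minor" -eq 12 ] && [ "$patch" -ge 1 ]; then echo fixed; return 0; fi
  if [ "$minor" -eq 11 ] && [ "$patch" -ge 5 ]; then echo fixed; return 0; fi
  echo needs-upgrade
}

# Sample input: the version banner copied from the comment above.
SAMPLE_OUTPUT='NGINX Ingress controller
  Release:       v1.11.2
  Build:         46e76e5916813cfca2a9b0bfdc34b69a0000f6b9
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: nginx/1.25.5'

rel=$(printf '%s\n' "$SAMPLE_OUTPUT" | release_from_version_output)
echo "ingress-nginx $rel: $(classify_release "$rel")"
```

Against a live cluster, pipe the comment's `kubectl exec` command (without `-it`, since the output is piped) into `release_from_version_output` instead of using the sample banner.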