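Related vulnerability
Title:
Kubernetes ingress-nginx security vulnerability
(CVE-2025-1974)
Description: Kubernetes ingress-nginx is an open-source Kubernetes ingress controller from the Cloud Native Computing Foundation that uses NGINX as a reverse proxy and load balancer. Kubernetes ingress-nginx contains a security vulnerability: under certain conditions, an unauthenticated attacker with access to the pod network can execute arbitrary code in the context of the ingress-nginx controller, which may lead to disclosure of Secrets.
Description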
POC IngressNightmare (CVE-2025-1974), modified from https://github.com/yoshino-s/CVE-2025-1974
Introduction
# POC of IngressNightmare (CVE-2025-1974)
> Developed from:
- https://github.com/yoshino-s/CVE-2025-1974
- https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
Talk is cheap, just look at the code.
Details can be found at https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
## Usage
1. Change the IP in `shell.c`.
2. Check that Docker is available and run `make shell.so`. (The shared object has to be built in Alpine so that it works in nginx-ingress-controller, which is based on musl libc.)
3. Run `python3 exploit.py` to get your shell.
> You may need to change the ranges at lines 25 and 26, which set the range of the pid and fd. The default values are a compromise between speed and success rate.
File snapshot
[4.0K] /data/pocs/94b0750893bf00a55f7183317e5b00a3095fef4a
├── [ 328] build.sh
├── [2.2K] exploit.py
├── [ 100] Makefile
├── [ 183] pyproject.toml
├── [ 734] README.md
├── [1.8K] req.json
├── [ 425] req.yaml
├── [ 715] shell.c
└── [5.3K] uv.lock
0 directories, 9 files