关联漏洞
标题:
Kubernetes ingress-nginx 安全漏洞
(CVE-2025-1974)
描述:Kubernetes ingress-nginx是云原生计算基金会(Cloud Native Computing Foundation)开源的Kubernetes 的入口控制器,使用NGINX作为反向代理和负载均衡器。 Kubernetes ingress-nginx存在安全漏洞,该漏洞源于在某些条件下,未认证的攻击者可通过访问pod网络在ingress-nginx控制器环境中执行任意代码,可能导致Secrets泄露。
描述
Worlds First Public POC for CVE-2025-1974 lol
介绍
# IngressNightmare-POCs
- CVE-2025-24513: https://github.com/kubernetes/kubernetes/issues/131005
- CVE-2025-24514: https://github.com/kubernetes/kubernetes/issues/131006
- CVE-2025-1097: https://github.com/kubernetes/kubernetes/issues/131007
- CVE-2025-1098: https://github.com/kubernetes/kubernetes/issues/131008
- CVE-2025-1974: https://github.com/kubernetes/kubernetes/issues/131009
Note: Created these POCs before Wiz released the technical information. This may become out of date.
These are also not full exploits, rather they are POCs to understand the exploit flow and vulnerability prerequisites
## More Info
https://blog.shakeylabs.com/ingressnightmare-patch-analysis/
## Shodan Scan
https://www.shodan.io/search?query=ssl%3A%22Issuer%3A+O%3Dnil1%22+port%3A8443+country%3A%22US%22&page=2
文件快照
[4.0K] /data/pocs/c5314caf67418016fc16be76661f289545f38395
├── [4.0K] CVE-2025-1974
│ ├── [ 0] detect.py
│ ├── [ 367] example.yaml
│ ├── [ 86] exploit.py
│ ├── [1.0K] poc.json
│ └── [7.0K] README.md
├── [ 606] example-ingress.yaml
├── [ 15K] ingress-nginx-controller.yaml
└── [ 807] README.md
1 directory, 8 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。