Three unpatched high-severity security flaws have been disclosed in theNGINX Ingress controllerfor Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster. The vulnerabilities are as follows -
CVE-2022-4886(CVSS score: 8.8) -Ingress-nginxpath sanitization can be bypassed to obtain the credentials of the ingress-nginx controller CVE-2023-5043(