https://blog.qife122.com/tags/nginx-ingress/ Recent content in Nginx-Ingress on 办公AI智能小助手 Hugo zh-cn qife Sun, 11 Jan 2026 20:41:29 +0800 https://blog.qife122.com/p/%E8%AD%A6%E6%83%95nginx-ingress%E9%AB%98%E5%8D%B1%E6%BC%8F%E6%B4%9Ecve-2023-5044%E9%80%9A%E8%BF%87%E6%B3%A8%E8%A7%A3%E5%AE%9E%E7%8E%B0%E4%BB%A3%E7%A0%81%E6%B3%A8%E5%85%A5/ Sun, 11 Jan 2026 20:41:29 +0800 https://blog.qife122.com/p/%E8%AD%A6%E6%83%95nginx-ingress%E9%AB%98%E5%8D%B1%E6%BC%8F%E6%B4%9Ecve-2023-5044%E9%80%9A%E8%BF%87%E6%B3%A8%E8%A7%A3%E5%AE%9E%E7%8E%B0%E4%BB%A3%E7%A0%81%E6%B3%A8%E5%85%A5/ <p>在ingress-nginx中发现了一个安全问题，攻击者可以通过Ingress对象（属于<code>networking.k8s.io</code>或<code>extensions</code> API组）上的<code>nginx.ingress.kubernetes.io/permanent-redirect</code>注解，注入任意命令并获取ingress-nginx控制器的凭据。在默认配置下，该凭据拥有访问集群中所有Secret的权限。</p>