I was delivering a Kubernetes Security Review this week and the cluster was running version 1.7 of the ingress-nginx controller. This is affected by a few CVEs but notably CVE-2023-5044. This is a quick post about a PoC tool I’ve released to exploit it.

Background

CVE-2023-5044 allows for …