CVE-2025-1974: vulnerabilities that could make it easy for attackers to take over your Kubernetes cluster
(kubernetes.io)
from beerclue@lemmy.world to selfhosted@lemmy.world on 26 Mar 09:36
https://lemmy.world/post/27407357
from beerclue@lemmy.world to selfhosted@lemmy.world on 26 Mar 09:36
https://lemmy.world/post/27407357
cross-posted from: lemmy.world/post/27407351
When combined with today’s other vulnerabilities, CVE-2025-1974 means that anything on the Pod network has a good chance of taking over your Kubernetes cluster, with no credentials or administrative access required.
threaded - newest
Great callout, thanks for posting
Isn’t this only for people running NGINX?
Yes it’s defects in the ingress-nginx controller package.