CVE-2023-5044

HIGH

ingress-nginx < 1.9.0 - Code Injection via nginx.ingress.kubernetes.io/permanent-redirect Annotation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2023-5044. PoCs published by r0binak, 4ARMED, KubernetesBachelor.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2023-5044, demonstrating code injection via the nginx.ingress.kubernetes.io/permanent-redirect annotation in Kubernetes Ingress. The exploit leverages a maliciously crafted annotation to inject Lua code, enabling remote command execution (RCE) by reading sensitive files or executing arbitrary commands.

Description

Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.

Exploits (3)

nomisec WORKING POC 4 stars
by r0binak · poc
https://github.com/r0binak/CVE-2023-5044

This repository contains a functional exploit for CVE-2023-5044, demonstrating code injection via the nginx.ingress.kubernetes.io/permanent-redirect annotation in Kubernetes Ingress. The exploit leverages a maliciously crafted annotation to inject Lua code, enabling remote command execution (RCE) by reading sensitive files or executing arbitrary commands.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Kubernetes Ingress-NGINX Controller (versions affected by CVE-2023-5044)
Auth required
Prerequisites: Access to deploy Kubernetes Ingress resources · Kubernetes cluster with vulnerable Ingress-NGINX Controller
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC 2 stars
by 4ARMED · poc
https://github.com/4ARMED/cve-2023-5044

This repository contains a functional Go-based exploit for CVE-2023-5044, targeting the Ingress Nginx controller. It automates the creation of a malicious ingress object to achieve remote code execution (RCE) by leveraging path traversal and command injection vulnerabilities.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Ingress Nginx controller (vulnerable versions)
Auth required
Prerequisites: Access to a Kubernetes cluster with permissions to create ingress objects · Vulnerable version of Ingress Nginx controller deployed
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by KubernetesBachelor · poc
https://github.com/KubernetesBachelor/CVE-2023-5044

This repository provides a functional proof-of-concept exploit for CVE-2023-5044, leveraging a misconfiguration in the NGINX Ingress Controller to execute arbitrary Lua code and leak Kubernetes service account tokens. The exploit uses a crafted Ingress resource with malicious annotations to achieve remote code execution (RCE) within the ingress controller pod.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: NGINX Ingress Controller for Kubernetes
Auth required
Prerequisites: Kubernetes cluster with NGINX Ingress Controller deployed · Permissions to create/modify Ingress resources · Docker and Kind for local testing
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List, Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/10/25/3
Issue Tracking, Mitigation, Vendor Advisory issue-tracking
https://github.com/kubernetes/ingress-nginx/issues/10572

Scores

CVSS v3 7.6
EPSS 0.0894
EPSS Percentile 92.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-94 CWE-20
Status published
Products (2)
k8s.io/ingress-nginx 0 - 1.9.0Go
kubernetes/ingress-nginx < 1.9.0
Published Oct 25, 2023
Tracked Since Feb 18, 2026