CVE-2023-5044

This repository contains a functional exploit for CVE-2023-5044, demonstrating code injection via the nginx.ingress.kubernetes.io/permanent-redirect annotation in Kubernetes Ingress. The exploit leverages a maliciously crafted annotation to inject Lua code, enabling remote command execution (RCE) by reading sensitive files or executing arbitrary commands.

This repository contains a functional Go-based exploit for CVE-2023-5044, targeting the Ingress Nginx controller. It automates the creation of a malicious ingress object to achieve remote code execution (RCE) by leveraging path traversal and command injection vulnerabilities.

This repository provides a functional proof-of-concept exploit for CVE-2023-5044, leveraging a misconfiguration in the NGINX Ingress Controller to execute arbitrary Lua code and leak Kubernetes service account tokens. The exploit uses a crafted Ingress resource with malicious annotations to achieve remote code execution (RCE) within the ingress controller pod.