Addressing the Latest Kubernetes NGINX Ingress Controller CVE-2024-7646 Vulnerability #1136

Merged
merged 9 commits into from
Sep 10, 2024


anuddeeph1
Contributor

Related Issue(s)

Description

This policy ensures that Ingress resources do not have certain disallowed annotations and that the ingress-nginx controller Pod is running an appropriate version of the image. It checks for the presence of the nginx.ingress.kubernetes.io/server-snippet annotation and disallows its usage, enforces specific values for auth-tls-verify-client, and ensures that the ingress-nginx controller image is of the required version.

Checklist

  • [] I have read the policy contribution guidelines.
  • [] I have added test manifests and resources covering both positive and negative tests that prove this policy works as intended.
  • [] I have added the artifacthub-pkg.yml file and have verified it is complete and correct.

Signed-off-by: anuddeeph1 <[email protected]>
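
The three checks the description lists, written out as an added example: a standalone Python audit of manifest dicts, not the Kyverno policy from this pull request. The allowed `auth-tls-verify-client` values are an assumption taken from the ingress-nginx documentation, `MIN_VERSION` is a placeholder rather than the real patched release, and the sample manifests are constructed.

```python
import re

SNIPPET = "nginx.ingress.kubernetes.io/server-snippet"
VERIFY = "nginx.ingress.kubernetes.io/auth-tls-verify-client"
# Assumption: the values the ingress-nginx documentation lists for this annotation.
ALLOWED_VERIFY = {"on", "off", "optional", "optional_no_ca"}
# Placeholder, not the real patched release: take the version from the advisory.
MIN_VERSION = (9, 9, 9)
IMAGE_RE = re.compile(r"ingress-nginx/controller:v(\d+)\.(\d+)\.(\d+)")


def audit(obj, min_version=MIN_VERSION):
    """Return the list of findings for one Ingress or Pod manifest (a dict)."""
    findings = []
    kind = obj.get("kind")
    if kind == "Ingress":
        ann = (obj.get("metadata") or {}).get("annotations") or {}
        if SNIPPET in ann:  # presence alone is a violation, even when empty
            findings.append("server-snippet annotation is not allowed")
        if VERIFY in ann and ann[VERIFY] not in ALLOWED_VERIFY:
            findings.append(f"auth-tls-verify-client has value {ann[VERIFY]!r}")
    elif kind == "Pod":
        spec = obj.get("spec") or {}
        containers = (spec.get("initContainers") or []) + (spec.get("containers") or [])
        for c in containers:
            image = c.get("image", "")
            if "ingress-nginx/controller" not in image:
                continue  # not the controller container
            m = IMAGE_RE.search(image)
            if m is None:  # untagged or digest-only: version cannot be proven
                findings.append(f"cannot determine controller version: {image!r}")
            elif tuple(map(int, m.groups())) < min_version:
                findings.append(f"controller image too old: {image!r}")
    return findings


# Constructed sample manifests (not taken from the pull request).
BAD_INGRESS = {"kind": "Ingress", "metadata": {"name": "demo", "annotations": {
    SNIPPET: "return 200;", VERIFY: "maybe"}}}
OLD_POD = {"kind": "Pod", "metadata": {"name": "ctrl"}, "spec": {"containers": [
    {"name": "controller", "image": "registry.k8s.io/ingress-nginx/controller:v9.9.8"}]}}

if __name__ == "__main__":
    for manifest in (BAD_INGRESS, OLD_POD):
        for finding in audit(manifest):
            print(manifest["kind"], manifest["metadata"]["name"], "-", finding)
```
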
@realshuting
Member

Hi @anuddeeph1 - there are 11 failures, can you please take a look?

@anuddeeph1
Contributor Author

> Hi @anuddeeph1 - there are 11 failures, can you please take a look?

Hi @realshuting, the 11 failures are for different policies. The failures are not related to this policy.

@realshuting realshuting merged commit b72b6bd into kyverno:main Sep 10, 2024
276 checks passed