VIEW RULE IN DATADOG VIEW MISCONFIGURATIONS

Set up the kubernetes integration.

Description

This check assesses Kubernetes clusters for vulnerabilities associated with the Ingress NGINX Controller, collectively known as “IngressNightmare.” These critical vulnerabilities, including CVE-2025-1974, CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, and CVE-2025-1098, can allow unauthenticated remote code execution (RCE) and unauthorized access to sensitive data within the cluster. Exploitation of these vulnerabilities could lead to a complete cluster takeover.

Remediation

To mitigate the risks associated with the IngressNightmare vulnerabilities:

1. Update the Ingress NGINX Controller:
   Upgrade to the latest patched versions—1.12.1, 1.11.5, or 1.10.7—which address these vulnerabilities.

2. Restrict Access to the Admission Controller:
   Ensure that the admission webhook endpoint is not exposed externally. Limit access to only the Kubernetes API server to prevent unauthorized ingress object submissions.

3. Monitor and Detect Exploitation Attempts:
   Implement monitoring solutions to detect unusual activities, such as loading shared libraries from the /proc filesystem within the NGINX Ingress container, which may indicate exploitation attempts.

For detailed guidance on these vulnerabilities and their mitigation, refer to the Kubernetes Official Blog on CVE-2025-1974.