Hello friends,
Recently, two important security issues were disclosed by Wiz. These issues affect GitHub Actions and the Kubernetes Ingress-NGINX controller. If you work in DevOps or manage infrastructure, please take these seriously. In this blog, I will explain them in simple language and also tell you how to fix them.
GitHub Actions Hijack Issue
What happened?
- A popular GitHub Action, tj-actions/changed-files, was compromised
- Malicious code was pushed and released in a version
- Using @v35 or other tags may fetch compromised code
What should you do?
- Use the full commit SHA instead of a version tag:
  uses: tj-actions/changed-files@9e5e6c7f3d2b84aafc35f45d2e80b2e3a1743b70
- Audit third-party actions
- Prefer verified sources
Kubernetes Ingress-NGINX Vulnerability (CVE-2025-1974)
What happened?
- Ingress-NGINX controller had a serious vulnerability
- Older versions (1.12.0 or below) allow unauthenticated command execution
What should you do?
- Upgrade to 1.11.5 or 1.12.1 or newer
- Use AWS ALB Ingress Controller if on Amazon EKS
- Ensure ingress-nginx-controller-admission is not publicly exposed
Conclusion
- Stay updated on security alerts
- Review and secure your GitHub workflows
- Upgrade Ingress controllers on your clusters
- Reach out if you need help
Lakshmi Phanindra Rudra
Technical Lead - DevSecOps and Cloud Engineering