This content originally appeared on DEV Community and was authored by phani rudra
Hello friends
Recently, two important security issues were brought up by Wiz. These issues affect GitHub Actions and the Kubernetes Ingress-NGINX controller. If you are working in DevOps or managing infrastructure, please take these seriously. In this blog, I will explain them in simple language and also tell you how to fix them.
GitHub Actions Hijack Issue
What happened?
- A popular GitHub Action, tj-actions/changed-files, was compromised
- Malicious code was pushed and released in a version
- Using @v35 or other tags may fetch compromised code
What should you do?
- Use full commit SHA instead of version tag:
  uses: tj-actions/changed-files@9e5e6c7f3d2b84aafc35f45d2e80b2e3a1743b70
- Audit third-party actions
- Prefer verified sources
Kubernetes Ingress-NGINX Vulnerability (CVE-2025-1974)
What happened?
- Ingress-NGINX controller had a serious vulnerability
- Older versions (1.12.0 or below) allow unauthenticated command execution
What should you do?
- Upgrade to 1.11.5 or 1.12.1 or newer
- Use AWS ALB Ingress Controller if on Amazon EKS
- Ensure ingress-nginx-controller-admission is not publicly exposed
Conclusion
- Stay updated on security alerts
- Review and secure your GitHub workflows
- Upgrade Ingress controllers on your clusters
- Reach out if you need help
Lakshmi Phanindra Rudra
Technical Lead - DevSecOps and Cloud Engineering
WinWire Technologies

phani rudra | Sciencx (2025-04-13T15:23:51+00:00) Recent Security Alerts: GitHub Actions Hijack and Kubernetes Ingress-NGINX Vulnerability. Retrieved from https://www.scien.cx/2025/04/13/recent-security-alerts-github-actions-hijack-and-kubernetes-ingress-nginx-vulnerability/