A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Advisories
Source ID Title
EUVD EUVD EUVD-2021-12628 A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Fixes

Solution

No solution given by the vendor.


Workaround

This can be mitigated by disallowing snippet annotations on a supported version. Refer to https://github.com/kubernetes/ingress-nginx/issues/7837 for instructions.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: kubernetes

Published:

Updated: 2024-09-16T23:06:12.392Z

Reserved: 2021-01-21T00:00:00

Link: CVE-2021-25742

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-10-29T04:15:08.220

Modified: 2024-11-21T05:55:19.853

Link: CVE-2021-25742

cve-icon Redhat

Severity : Important

Publid Date: 2021-10-21T16:00:00Z

Links: CVE-2021-25742 - Bugzilla

cve-icon OpenCVE Enrichment

No data.