7.1
CVSSv3

CVE-2021-25742

Published: 29/10/2021 Updated: 15/12/2021
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 7.1 | Impact Score: 4.2 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Summary

A security issue exists in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

kubernetes ingress-nginx

kubernetes ingress-nginx 1.0.0

netapp trident -

Vendor Advisories

No description is available for this CVE ...
Arch Linux Security Advisory ASA-202111-7 ========================================= Severity: High Date : 2021-11-18 CVE-ID : CVE-2021-25742 Package : kubectl-ingress-nginx Type : information disclosure Remote : Yes Link : securityarchlinuxorg/AVG-2490 Summary ======= The package kubectl-ingress-nginx before version 104-1 ...
A security issue was discovered in ingress-nginx before versions 101 and 0491 where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster This issue cannot be fixed solely by upgrading ingress-nginx To mitigate, set allow-snippet-annotations to false in your ingress-nginx Co ...

Mailing Lists

Hello Kubernetes Community, A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster This issue has been rated High (CVSS:31/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L <wwwfirstorg/cvss/calculator/31#CVSS:31/AV:N/AC:L/ ...