CVE-2021-25742

Published: 29/10/2021 Updated: 15/12/2021
CVSS v2 Base Score: 5.5 | Impact Score: 4.9 | Exploitability Score: 8
CVSS v3 Base Score: 7.1 | Impact Score: 4.2 | Exploitability Score: 2.8
VMScore: 490
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Vulnerability Summary

A security issue exists in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

Vulnerable Product

kubernetes ingress-nginx

kubernetes ingress-nginx 1.0.0

netapp trident -

Vendor Advisories

No description is available for this CVE ...
A security issue was discovered in ingress-nginx before versions 1.0.1 and 0.49.1 where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster. This issue cannot be fixed solely by upgrading ingress-nginx. To mitigate, set allow-snippet-annotations to false in your ingress-nginx Co ...

Mailing Lists

oss-sec mailing list archives: [kubernetes] CVE-2021-25742: Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets a ...

Github Repositories

Kubernetes security tool for policy enforcement

The k-rail project has been deprecated and will receive no new features or bugfixes except in the case of critical security vulnerabilities. We recommend migrating to an actively developed tool like OPA Gatekeeper that provides similar functionality. k-rail is a workload policy enforcement tool for Kubernetes. It can help you secure a multi tenant cluster with minimal disrupti

Some YAML files used while exploring options to implement micro-frontend architectures in Kubernetes and with Ingress Nginx controller.

Micro-frontends in Kubernetes. Some YAML files used while exploring options to implement micro-frontend architectures in Kubernetes and with Ingress Nginx controller. These YAMLs are the companion resources for an article I wrote in my personal blog: Micro-frontends and Ingress Nginx - Server Side Includes. For testing out the different configuration scenarios, I recommend using a