A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
References
Link | Resource |
---|---|
https://github.com/kubernetes/ingress-nginx/issues/7837 | Exploit Issue Tracking Mitigation Third Party Advisory |
https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY | Mailing List Mitigation Third Party Advisory |
https://security.netapp.com/advisory/ntap-20211203-0001/ | Third Party Advisory |
Configurations
History
15 Dec 2021, 14:06
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:* | |
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20211203-0001/ - Third Party Advisory |
03 Dec 2021, 08:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Nov 2021, 14:19
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.5
v3 : 7.1 |
CPE | cpe:2.3:a:kubernetes:ingress-nginx:1.0.0:*:*:*:*:*:*:* cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:* |
|
CWE | NVD-CWE-noinfo | |
References | (CONFIRM) https://github.com/kubernetes/ingress-nginx/issues/7837 - Exploit, Issue Tracking, Mitigation, Third Party Advisory | |
References | (MLIST) https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY - Mailing List, Mitigation, Third Party Advisory |
29 Oct 2021, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-10-29 04:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-25742
Mitre link : CVE-2021-25742
CVE.ORG link : CVE-2021-25742
JSON object : View
Products Affected
netapp
- trident
kubernetes
- ingress-nginx
CWE