Vulnerabilities > CVE-2021-25742
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
LOW Availability impact
NONE Summary
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Vulnerable Configurations
References
- https://github.com/kubernetes/ingress-nginx/issues/7837
- https://github.com/kubernetes/ingress-nginx/issues/7837
- https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY
- https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY
- https://security.netapp.com/advisory/ntap-20211203-0001/
- https://security.netapp.com/advisory/ntap-20211203-0001/