AVG-2690 log

Package kubectl-ingress-nginx
Status Vulnerable
Severity High
Type information disclosure
Affected 1.1.3-1
Fixed 1.2.0-1
Current 1.0.4-2 [community]
Ticket Create
Created Tue May 3 21:11:42 2022
Issue Severity Remote Type Description
CVE-2021-25746 High Yes Information disclosure
a user that can create or update ingress objects can use `.metadata.annotations` in an Ingress object (in the `networking.k8s.io` or `extensions` API group)...
CVE-2021-25745 High Yes Information disclosure
a user that can create or update ingress objects can use the `spec.rules[].http.paths[].path` field of an Ingress object (in the networking.k8s.io` or...
References
https://www.openwall.com/lists/oss-security/2022/04/22/5
https://www.openwall.com/lists/oss-security/2022/04/22/6