AVG-2690 log
| Package | kubectl-ingress-nginx |
| Status | Fixed |
| Severity | High |
| Type | information disclosure |
| Affected | 1.1.3-1 |
| Fixed | 1.2.0-1 |
| Current | 1.12.0-1 [extra] |
| Ticket | None |
| Created | Tue May 3 21:11:42 2022 |
| Advisory | Pending |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-25746 | High | Yes | Information disclosure | a user that can create or update ingress objects can use `.metadata.annotations` in an Ingress object (in the `networking.k8s.io` or `extensions` API group)... |
| CVE-2021-25745 | High | Yes | Information disclosure | a user that can create or update ingress objects can use the `spec.rules[].http.paths[].path` field of an Ingress object (in the networking.k8s.io` or... |
| References |
|---|
https://www.openwall.com/lists/oss-security/2022/04/22/5 https://www.openwall.com/lists/oss-security/2022/04/22/6 |