CVE-2021-25742 log

Severity High
Remote Yes
Type Information disclosure
A security issue was discovered in ingress-nginx before versions 1.0.1 and 0.49.1 where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

This issue cannot be fixed solely by upgrading ingress-nginx. To mitigate, set allow-snippet-annotations to false in your ingress-nginx ConfigMap based on how you deploy ingress-nginx, see the references for more information.
Group Package Affected Fixed Severity Status Ticket
AVG-2490 kubectl-ingress-nginx 0.33.0-2 1.0.4-1 High Fixed
Date Advisory Group Package Severity Type
18 Nov 2021 ASA-202111-7 AVG-2490 kubectl-ingress-nginx High information disclosure