---

CVE-2021-25745 - log back

CVE-2021-25745 edited at 03 May 2022 21:25:31
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Information disclosure
Description	+ a user that can create or update ingress objects can use the `spec.rules[].http.paths[].path` field of an Ingress object (in the networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that redential has access to all secrets in the cluster.
References	+ https://github.com/kubernetes/ingress-nginx/issues/8502

CVE-2021-25745 created at 03 May 2022 21:23:57
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes