CVE-2021-25746 log
Source |
|
Severity | High |
Remote | Yes |
Type | Information disclosure |
Description | a user that can create or update ingress objects can use `.metadata.annotations` in an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2690 | kubectl-ingress-nginx | 1.1.3-1 | 1.2.0-1 | High | Vulnerable |
References |
---|
https://github.com/kubernetes/ingress-nginx/issues/8503 |