Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-25746 - log back

CVE-2021-25746 edited at 03 May 2022 21:23:03

Severity

-	Unknown
+	High

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Information disclosure

Description

+

a user that can create or update ingress objects can use `.metadata.annotations` in an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.

References

+	https://github.com/kubernetes/ingress-nginx/issues/8503

Notes

CVE-2021-25746 created at 03 May 2022 21:11:42