kubectl-ingress-nginx

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description kubectl plugin for managing NGINX Ingress Controller for Kubernetes
Version 1.0.4-2 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-2690 1.1.3-1 1.2.0-1 High Vulnerable
Issue Group Severity Remote Type Description
CVE-2021-25746 AVG-2690 High Yes Information disclosure
a user that can create or update ingress objects can use `.metadata.annotations` in an Ingress object (in the `networking.k8s.io` or `extensions` API group)...
CVE-2021-25745 AVG-2690 High Yes Information disclosure
a user that can create or update ingress objects can use the `spec.rules[].http.paths[].path` field of an Ingress object (in the networking.k8s.io` or...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2490 0.33.0-2 1.0.4-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2021-25742 AVG-2490 High Yes Information disclosure
A security issue was discovered in ingress-nginx before versions 1.0.1 and 0.49.1 where a user that can create or update ingress objects can use the custom...

Advisories

Date Advisory Group Severity Type
18 Nov 2021 ASA-202111-7 AVG-2490 High information disclosure