kubectl-ingress-nginx
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | kubectl plugin for managing NGINX Ingress Controller for Kubernetes |
| Version | 1.0.4-3 [extra] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2690 | 1.1.3-1 | 1.2.0-1 | High | Vulnerable |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-25746 | AVG-2690 | High | Yes | Information disclosure | a user that can create or update ingress objects can use `.metadata.annotations` in an Ingress object (in the `networking.k8s.io` or `extensions` API group)... |
| CVE-2021-25745 | AVG-2690 | High | Yes | Information disclosure | a user that can create or update ingress objects can use the `spec.rules[].http.paths[].path` field of an Ingress object (in the networking.k8s.io` or... |
Resolved
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2490 | 0.33.0-2 | 1.0.4-1 | High | Fixed |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-25742 | AVG-2490 | High | Yes | Information disclosure | A security issue was discovered in ingress-nginx before versions 1.0.1 and 0.49.1 where a user that can create or update ingress objects can use the custom... |
Advisories
| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 18 Nov 2021 | ASA-202111-7 | AVG-2490 | High | information disclosure |