Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
CVE-2021-25742
7.6HIGH
What is CVE-2021-25742?
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Affected Version(s)
Kubernetes ingress-nginx <= 0.49.0
Kubernetes ingress-nginx <= 1.0.0