Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
CVE-2021-25742

7.6HIGH

Key Information:

Vendor: Kubernetes
Status: Kubernetes Ingress-nginx
Vendor: CVE Published:; 29 October 2021

Summary

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

Affected Version(s)

Kubernetes ingress-nginx <= 0.49.0

Kubernetes ingress-nginx <= 1.0.0

References

https://groups.google.com/g/kubernetes-security-announce/...

x_refsource_MISC

https://github.com/kubernetes/ingress-nginx/issues/7837

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20211203-0001/

x_refsource_CONFIRM

CVSS V3.1

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 29, 2021
Vulnerability Reserved
Jan 21, 2021

Credit

Mitch Hulscher