CVE-2021-25742

Published October 29th, 2021

View on NVD ↗

CVSS v3

7.6

HIGH

CVSS v2

5.5

MEDIUM

Affected

PROJECT

Description

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

kubernetes/ingress-nginx

Ingress NGINX Controller for Kubernetes

GitHub

19.5K