CVE-2021-25742

Опубликовано: 29 окт. 2021

Источник: nvd

CVSS3: 7.6

CVSS3: 7.1

CVSS2: 5.5

EPSS Низкий

Описание

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

Ссылки

https://github.com/kubernetes/ingress-nginx/issues/7837
Exploit
Issue Tracking
Mitigation
Third Party Advisory
https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY
Mailing List
Mitigation
Third Party Advisory
https://security.netapp.com/advisory/ntap-20211203-0001/
Third Party Advisory
https://github.com/kubernetes/ingress-nginx/issues/7837
Exploit
Issue Tracking
Mitigation
Third Party Advisory
https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY
Mailing List
Mitigation
Third Party Advisory
https://security.netapp.com/advisory/ntap-20211203-0001/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*

Версия до 0.49.1 (исключая)

cpe:2.3:a:kubernetes:ingress-nginx:1.0.0:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.0054

Низкий

7.6 High

CVSS3

7.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-20

NVD-CWE-noinfo

Связанные уязвимости

CVE-2021-25742

CVSS3: 7.6

redhat

больше 4 лет назад

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

GHSA-4pp2-3663-mcw8

github

больше 3 лет назад

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

EPSS

Процентиль: 67%

0.0054

Низкий

7.6 High

CVSS3

7.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-20

NVD-CWE-noinfo