Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-1643B4379AC9C7EAB2BB928E2188CAFFHistoryMay 07, 2022 - 12:00 a.m.
Improper Input Validation
2022-05-0700:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
10
0.001 Low
EPSS
Percentile
41.6%
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
| CPE | Name | Operator | Version |
|---|---|---|---|
| go/k8s.io/ingress-nginx | lt | 1.2.0 |
Related
redhatcve
redhatcve
CVE-2021-25745
2022-04-25 08:30:58
osv
osv
BIT-nginx-ingress-controller-2021-25745
2024-03-06 10:59:18
Improper Input Validation in k8s.io/ingress-nginx
2022-05-07 00:00:49
CVE-2021-25745
2022-05-06 01:15:09
nvd
nvd
CVE-2021-25745
2022-05-06 01:15:09
veracode
veracode
Information Disclosure
2022-05-09 06:00:18
github
github
Improper Input Validation in k8s.io/ingress-nginx
2022-05-07 00:00:49
prion
prion
Default configuration
2022-05-06 01:15:00
cve
cve
CVE-2021-25745
2022-05-06 01:15:09
cvelist
cvelist
ibm
ibm
wallarmlab
wallarmlab
Two critical security flaws found in Nginx-Ingress controller
2022-05-12 21:52:03