Lucene search
+L

6 matches found

Circl
Circl
added 2025/03/13 8:14 p.m.7 views

CVE-2021-25742

creationtimestamp| type| source ---|---|--- 2025-03-13 20:14:03+00:00| seen| https://gist.github.com/AyushyaChitransh/3b69f94e19b188ba41ee0c49a282e64c 2025-03-31 08:40:46+00:00| seen| https://bsky.app/profile/uchi-mata.bsky.social/post/3llnxk6qaw223 2025-04-23 21:32:11+00:00| seen|...

7.6CVSS7.1AI score0.01784EPSS
Exploits1References3
Hacker One
Hacker One
added 2022/10/10 9:58 a.m.33 views

Kubernetes: Ingress nginx annotation injection causes arbitrary command execution

A vulnerability was found where arbitrary commands could be executed on the Kubernetes cluster. Through annotation injection on the ingress resource, additional locations could be added to the nginx configuration, allowing commands to be passed and executed via the lua scripting engine on the...

7.6CVSS7.1AI score0.01784EPSS
Exploits1
ArchLinux
ArchLinux
added 2021/11/18 12:0 a.m.36 views

[ASA-202111-7] kubectl-ingress-nginx: information disclosure

Arch Linux Security Advisory ASA-202111-7 ========================================= Severity: High Date : 2021-11-18 CVE-ID : CVE-2021-25742 Package : kubectl-ingress-nginx Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2490 Summary ======= The package...

7.6CVSS6.5AI score0.01784EPSS
Exploits1References7
NVD
NVD
added 2021/10/29 4:15 a.m.23 views

CVE-2021-25742

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster...

7.6CVSS0.01784EPSS
Exploits1References3
OSV
OSV
added 2021/10/29 4:15 a.m.16 views

CVE-2021-25742

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster...

7.1CVSS6.7AI score
Exploits0References3
Hacker One
Hacker One
added 2021/10/22 3:49 a.m.44 views

Kubernetes: Ingress-nginx annotation injection allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces

I submitted the following report to [email protected]: I've been exploring CVE-2021-25742 and believe I've discovered a variant although it appears there may be many. Most template variables are not escaped properly in nginx.tmpl, leading to injection of arbitrary nginx directives. For...

5.5CVSS1.2AI score0.01784EPSS
Exploits1
Rows per page
Query Builder