6 matches found
CVE-2021-25742
creationtimestamp| type| source ---|---|--- 2025-03-13 20:14:03+00:00| seen| https://gist.github.com/AyushyaChitransh/3b69f94e19b188ba41ee0c49a282e64c 2025-03-31 08:40:46+00:00| seen| https://bsky.app/profile/uchi-mata.bsky.social/post/3llnxk6qaw223 2025-04-23 21:32:11+00:00| seen|...
Kubernetes: Ingress nginx annotation injection causes arbitrary command execution
A vulnerability was found where arbitrary commands could be executed on the Kubernetes cluster. Through annotation injection on the ingress resource, additional locations could be added to the nginx configuration, allowing commands to be passed and executed via the lua scripting engine on the...
[ASA-202111-7] kubectl-ingress-nginx: information disclosure
Arch Linux Security Advisory ASA-202111-7 ========================================= Severity: High Date : 2021-11-18 CVE-ID : CVE-2021-25742 Package : kubectl-ingress-nginx Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2490 Summary ======= The package...
CVE-2021-25742
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster...
CVE-2021-25742
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster...
Kubernetes: Ingress-nginx annotation injection allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
I submitted the following report to [email protected]: I've been exploring CVE-2021-25742 and believe I've discovered a variant although it appears there may be many. Most template variables are not escaped properly in nginx.tmpl, leading to injection of arbitrary nginx directives. For...