2 matches found
K01051452: NGINX Ingress Controller vulnerability CVE-2021-23055
Security Advisory Description The command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. CVE-2021-23055 Impact An attacker with privileges to deploy Ingress resources can inject configuration snippets that may allow them to gain access ...
CVE-2021-23055
CVE-2021-23055 affects NGINX Ingress Controller: versions 2.x before 2.0.3 and 1.x before 1.12.3 allow Ingress resources to bypass the -enable-snippets restriction, enabling snippet injections via ingress service account. Impact reported as potential access to secrets; attacker must have Privileg...