CVE-2021-25745
- EPSS 0.22%
- Published 06.05.2022 01:15:09
- Last modified 21.11.2024 05:55:20
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials...
CVE-2021-25746
- EPSS 0.36%
- Published 06.05.2022 01:15:09
- Last modified 21.11.2024 05:55:20
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-ngi...
CVE-2021-25742
- EPSS 0.63%
- Published 29.10.2021 04:15:08
- Last modified 21.11.2024 05:55:19
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
CVE-2020-8553
- EPSS 0.52%
- Published 29.07.2020 15:15:13
- Last modified 21.11.2024 05:39:01
The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingress which uses nginx.ingress.kubernetes.io/auth-ty...