DirectorySecurity Advisories
Sign In
Security Advisories

CGA-q93f-r479-x2rj

Published

Last updated

https://images.chainguard.dev/security/CGA-q93f-r479-x2rj
Package

ingress-nginx-controller

Latest Update
Not affected
Aliases
  • CVE-2021-25745
  • GHSA-pvmg-xgmx-9mxh

Severity

8.1

High

CVSS V3

Summary

Improper Input Validation in k8s.io/ingress-nginx

Description

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.

References

Updates

Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images

Why Chainguard

Container Image SecurityVulnerability RemediationCompliance and Risk MitigationSoftware Supply Chain SecurityAI/ML Security

Customers

Customer StoriesChainguard Love

Company

About UsOpen SourceCareersNewsroomLegal

Resources

Unchained BlogResearchEventsTrust CenterDocumentation