2012036 – (CVE-2021-25742) CVE-2021-25742 k8s.io/ingress-nginx: Custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces

Bug 2012036 (CVE-2021-25742) - CVE-2021-25742 k8s.io/ingress-nginx: Custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces

Summary: CVE-2021-25742 k8s.io/ingress-nginx: Custom snippets allows retrieval of ingr...

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2021-25742
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2012037
TreeView+	depends on / blocked

Reported:	2021-10-08 04:30 UTC by Sam Fowler
Modified:	2023-02-27 13:38 UTC (History)
CC List:	19 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-21 20:08:12 UTC
Embargoed:

Attachments	(Terms of Use)

Description Sam Fowler 2021-10-08 04:30:39 UTC

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

Comment 2 Sam Fowler 2021-10-08 04:39:30 UTC

Upstream fix:

https://github.com/kubernetes/ingress-nginx/pull/7665

Also requires setting allow-snippet-annotations to false in the ingress-nginx ConfigMap.

Comment 3 Product Security DevOps Team 2021-10-21 20:08:12 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-25742

Comment 4 Sam Fowler 2021-11-04 20:59:28 UTC

Upstream issue:

https://github.com/kubernetes/ingress-nginx/issues/7837

Note You need to log in before you can comment on or make changes to this bug.