A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Upstream fix: https://github.com/kubernetes/ingress-nginx/pull/7665 Also requires setting allow-snippet-annotations to false in the ingress-nginx ConfigMap.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-25742
Upstream issue: https://github.com/kubernetes/ingress-nginx/issues/7837