CVE-2021-25742
published 2021-10-29CVE-2021-25742: A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all…
PriorityP335high7.1CVSS 3.1
AVNACLPRLUINSUCHILAN
EPSS
1.78%
75.5th percentile
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kubernetes | ingress-nginx | < 0.49.1 | 0.49.1 |
| kubernetes | ingress-nginx | — | — |
| kubernetes | kubernetes_ingress-nginx | unspecified – 0.49.0 | — |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
nvdv2.05.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:N
vendor_redhat7.6HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4pp2-3663-mcw8: A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain
ghsa_unreviewed·2022-05-24
CVE-2021-25742 [HIGH] GHSA-4pp2-3663-mcw8: A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Red Hat
k8s.io/ingress-nginx: Custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
vendor_redhat·2021-10-21·CVSS 7.6
CVE-2021-25742 [HIGH] CWE-522 k8s.io/ingress-nginx: Custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
k8s.io/ingress-nginx: Custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.
Statement: OpenShift Container Platform does not use NGINX for Ingress and is therefore not affected by this vulnerability.
Package: rhacm2/management-ingress-rhel8 (Red Hat Advanced Cluster Management for Kubernetes 2) - Not affected
Package: atomic-openshift (Red Hat OpenShift Container Platform 3.11) - Not affected
Package: openshift (Red Hat OpenShift Container Platform 4) - Not affected
No detection rules found.
No public exploits indexed.
arXiv
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
arxiv_fulltext·2024-07-31
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
Raveen Kanishka Jayalath*
University of Adelaide, Australia
[email protected]
Hussain Ahmad* *Authors contributed equally to this work. Corresponding author.
University of Adelaide, Australia
[email protected]
Diksha Goel
CSIRO's Data61, Australia
[email protected]
3cmMuhammad Shuja Syed
3cmSLB, USA
[email protected]
Faheem Ullah
University of Adelaide, Australia
[email protected]
plain
## Abstract
Microservice architectures are revolutionizing both small businesses and large corporations, igniting a new era of innovation with their exceptional advantages in maintainability, reusability, and scalability. However, these benefits come w
HackerOne
Ingress nginx annotation injection causes arbitrary command execution
hackerone·2023-11-24·CVSS 7.6
CVE-2021-25742 [HIGH] Ingress nginx annotation injection causes arbitrary command execution
Ingress nginx annotation injection causes arbitrary command execution
Report Submission Form
## Summary:
[add a summary of the vulnerability]
For CVE-2021-25742 and CVE-2021-25746, I found a bypass method, which is fatal to the current measures taken by the team
I can easily bypass restrictions and execute arbitrary commands in the express nginx container.
## Kubernetes Version:
[add Kubernetes version & distribution in which the issue was found]
Server Version: version.Info{Major:"1", Minor:"25", GitVersion:"v1.25.2", GitCommit:"5835544ca568b757a8ecae5c153f317e5736700e", GitTreeState:"clean", BuildDate:"2022-09-21T14:27:13Z", GoVersion:"go1.19.1", Compiler:"gc", Platform:"linux/arm64"}
## Component Version:
[if applicable, add component version the issue was found]
ingress-nginx/cont
HackerOne
Ingress-nginx annotation injection allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
hackerone·2022-08-13·CVSS 7.6
CVE-2021-25742 [HIGH] Ingress-nginx annotation injection allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
Ingress-nginx annotation injection allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces
I submitted the following report to [email protected]:
> I've been exploring CVE-2021-25742 and believe I've discovered a variant (although it appears there may be many). Most template variables are not escaped properly in `nginx.tmpl`, leading to injection of arbitrary nginx directives. For example, the `nginx.ingress.kubernetes.io/connection-proxy-header` annotation is not validated/escaped and is inserted directly into the `nginx.conf` file.
>
> An attacker in a multi-tenant cluster with permission to create/modify ingresses can inject content into the connection-proxy-header annotation and read arbitrary files from the ingress controller (including the servi
https://github.com/kubernetes/ingress-nginx/issues/7837https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQYhttps://security.netapp.com/advisory/ntap-20211203-0001/https://github.com/kubernetes/ingress-nginx/issues/7837https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQYhttps://security.netapp.com/advisory/ntap-20211203-0001/
2021-10-29
Published