High severity7.6NVD Advisory· Published May 6, 2022· Updated Jun 17, 2026
CVE-2021-25745
CVE-2021-25745
Description
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
k8s.io/ingress-nginxGo | < 1.2.0 | 1.2.0 |
Affected products
18- osv-coords17 versionspkg:apk/chainguard/ingress-nginx-controllerpkg:apk/chainguard/ingress-nginx-controller-1.9pkg:apk/chainguard/ingress-nginx-controller-compatpkg:apk/chainguard/ingress-nginx-controller-compat-1.9pkg:apk/chainguard/ingress-nginx-controller-compat-fips-1.9pkg:apk/chainguard/ingress-nginx-controller-fipspkg:apk/chainguard/ingress-nginx-controller-fips-1.9pkg:apk/chainguard/ingress-nginx-controller-fips-compatpkg:apk/chainguard/kube-webhook-certgenpkg:apk/chainguard/kube-webhook-certgen-1.9pkg:apk/chainguard/kube-webhook-certgen-fipspkg:apk/chainguard/kube-webhook-certgen-fips-1.9pkg:apk/wolfi/ingress-nginx-controllerpkg:apk/wolfi/ingress-nginx-controller-compatpkg:apk/wolfi/kube-webhook-certgenpkg:golang/k8s.io/ingress-nginxpkg:rpm/opensuse/rke&distro=openSUSE%20Tumbleweed
< 0+ 16 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.2.0
- (no CPE)range: < 1.3.10-1.1
- Range: unspecified
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-pvmg-xgmx-9mxhghsaADVISORY
- github.com/kubernetes/ingress-nginx/issues/8502nvdIssue TrackingMitigationThird Party AdvisoryWEB
- groups.google.com/g/kubernetes-security-announce/c/7vQrpDZeBlcnvdIssue TrackingMailing ListMitigationThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-25745ghsaADVISORY
- security.netapp.com/advisory/ntap-20220609-0006/nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20220609-0006ghsaWEB
News mentions
0No linked articles in our index yet.