CVE-2021-25742 - OpenCVE

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Netapp	Trident
Kubernetes	Ingress-nginx

Configuration 1 [-]

OR	cpe:2.3:a:kubernetes:ingress-nginx::::::::
	cpe:2.3:a:kubernetes:ingress-nginx:1.0.0:::::::*

Configuration 2 [-]

cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/kubernetes/ingress-nginx/issues/7837	Exploit Issue Tracking Mitigation Third Party Advisory
https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY	Mailing List Mitigation Third Party Advisory
https://security.netapp.com/advisory/ntap-20211203-0001/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: kubernetes

Published: 2021-10-21T00:00:00

Updated: 2022-05-06T00:50:12

Reserved: 2021-01-21T00:00:00

Link: CVE-2021-25742

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-10-29T04:15:08.220

Modified: 2021-12-15T14:06:03.880

Link: CVE-2021-25742

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Kubernetes ingress-nginx", "vendor": "Kubernetes", "versions": [{"lessThanOrEqual": "0.49.0", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unknown", "version": "next of 0.49.0", "versionType": "custom"}, {"lessThanOrEqual": "1.0.0", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unknown", "version": "next of 1.0.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Mitch Hulscher"}], "datePublic": "2021-10-21T00:00:00", "descriptions": [{"lang": "en", "value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20: Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-06T00:50:12", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kubernetes/ingress-nginx/issues/7837"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20211203-0001/"}], "source": {"defect": ["https://github.com/kubernetes/ingress-nginx/issues/7837"], "discovery": "EXTERNAL"}, "title": "Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces", "workarounds": [{"lang": "en", "value": "This can be mitigated by disallowing snippet annotations on a supported version. Refer to https://github.com/kubernetes/ingress-nginx/issues/7837 for instructions."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "2021-10-21T16:15:00.000Z", "ID": "CVE-2021-25742", "STATE": "PUBLIC", "TITLE": "Ingress-nginx custom snippets allows retrieval of ingress-nginx serviceaccount token and secrets across all namespaces"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubernetes ingress-nginx", "version": {"version_data": [{"version_affected": "<=", "version_value": "0.49.0"}, {"version_affected": ">?", "version_value": "0.49.0"}, {"version_affected": "<=", "version_value": "1.0.0"}, {"version_affected": ">?", "version_value": "1.0.0"}]}}]}, "vendor_name": "Kubernetes"}]}}, "credit": [{"lang": "eng", "value": "Mitch Hulscher"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20: Improper Input Validation"}]}]}, "references": {"reference_data": [{"name": "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY", "refsource": "MISC", "url": "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY"}, {"name": "https://github.com/kubernetes/ingress-nginx/issues/7837", "refsource": "MISC", "url": "https://github.com/kubernetes/ingress-nginx/issues/7837"}, {"name": "https://security.netapp.com/advisory/ntap-20211203-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211203-0001/"}]}, "source": {"defect": ["https://github.com/kubernetes/ingress-nginx/issues/7837"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "This can be mitigated by disallowing snippet annotations on a supported version. Refer to https://github.com/kubernetes/ingress-nginx/issues/7837 for instructions."}]}}}, "cveMetadata": {"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2021-25742", "datePublished": "2021-10-21T00:00:00", "dateReserved": "2021-01-21T00:00:00", "dateUpdated": "2022-05-06T00:50:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEC0CA26-0429-4DD1-904B-5C7637C42704", "versionEndExcluding": "0.49.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:ingress-nginx:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DA09AFA-48CD-4A55-9C15-A96249C704D0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D9A34F5-AC03-4098-A37D-AD50727DDB11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster."}, {"lang": "es", "value": "Se ha detectado un problema de seguridad en ingress-nginx donde un usuario que puede crear o actualizar objetos de entrada puede usar la funci\u00f3n de fragmentos personalizados para obtener todos los secretos del cl\u00faster"}], "id": "CVE-2021-25742", "lastModified": "2021-12-15T14:06:03.880", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.7, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2021-10-29T04:15:08.220", "references": [{"source": "jordan@liggitt.net", "tags": ["Exploit", "Issue Tracking", "Mitigation", "Third Party Advisory"], "url": "https://github.com/kubernetes/ingress-nginx/issues/7837"}, {"source": "jordan@liggitt.net", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/mT4JJxi9tQY"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20211203-0001/"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}