CVE-2021-25742: 
Ingress NGINX Controller (community-driven) vulnerability analysis and mitigation

A security issue (CVE-2021-25742) was discovered in ingress-nginx where users with permissions to create or update ingress objects could exploit the custom snippets feature to obtain all secrets in the cluster. The vulnerability was rated High with a CVSS score of 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L). The affected versions include v1.0.0 and below v0.49.0, with multitenant environments being particularly at risk (Kubernetes Security).

The vulnerability exists in the custom snippets feature of ingress-nginx, which could be exploited to access sensitive information including the ingress-nginx serviceaccount token and secrets across all namespaces. The issue affects versions v1.0.0 and earlier than v0.49.0, with mitigation possible in versions v1.0.1 and v0.49.1. The vulnerability received a CVSS score of 7.1, indicating a high severity level with network attack vector, low attack complexity, and low privileges required for exploitation (Kubernetes Issue).

Successful exploitation of this vulnerability could lead to unauthorized access to all secrets within the cluster, potentially exposing sensitive information and allowing for data modification. The impact is particularly severe in multitenant environments where non-admin users have permissions to create Ingress objects (NetApp Security).

To mitigate this vulnerability, users must upgrade to version v0.49.1 or v1.0.1 or higher and set allow-snippet-annotations to false in the ingress-nginx ConfigMap. For static deployments, edit the ConfigMap using kubectl and add 'allow-snippet-annotations: false'. For Helm deployments, set controller.allowSnippetAnnotations to false in Values.yaml or during helm installation (Kubernetes Security).