Unknown · Ingress-Nginx · CVE-2021-25746
**Name of the Vulnerable Software and Affected Versions**
ingress-nginx (affected versions not specified)
**Description**
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use `.metadata.annotations` in an Ingress object to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.