Upstream information

CVE-2021-25742 at MITRE

Description

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the custom snippets feature to obtain all secrets in the cluster.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • rke >= 1.3.3-1.1
Patchnames:
openSUSE Tumbleweed GA rke-1.3.3-1.1