The problem is in intersection of nginx-ingress and kubernetes. Since ingress controller has access to secrets from all the namespaces (which is kubernetes side of the story) the nginx implementation with snippets added by users (the nginx contribution) may expose these secrets.
The post also points to an open source tool that helps people to check if they are vulnerable, whether they want to get to the bottom of the issue or not.