Kubernetes Nginx Ingress Controller 1.15.0
Approved changes feed: RSS · Atom
cpe:2.3:a:kubernetes:nginx_ingress_controller:1.15.0:*:*:*:*:*:*:*
part: a version: 1.15.0 update: *
| Vendor | Kubernetes (3ee05930-9e42-51b2-ad52-30832f573b15) |
|---|---|
| Product | Nginx Ingress Controller (245ad6f9-7a4c-59c8-a103-2d53c310154c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/kubernetes/ingress-nginx |
purl2cpe | 2026-06-01 10:13:27.889126 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-4342 |
vulnerable | 2026-06-03 15:26:25.326616 |
ingress-nginx comment-based nginx configuration injection
HIGH (8.8)
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Published: 2026-03-19T21:50:17.878Z
Updated: 2026-03-21T04:01:49.391Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.