Nginx Ingress Controller
Approved changes feed: RSS · Atom
cpe:2.3:a:kubernetes:nginx_ingress_controller:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Kubernetes (3ee05930-9e42-51b2-ad52-30832f573b15) |
|---|---|
| Product | Nginx Ingress Controller (245ad6f9-7a4c-59c8-a103-2d53c310154c) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/kubernetes/ingress-nginx |
purl2cpe | 2026-06-01 10:13:27.889008 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-4342 |
vulnerable | 2026-06-03 15:26:25.325483 |
ingress-nginx comment-based nginx configuration injection
HIGH (8.8)
A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)
Published: 2026-03-19T21:50:17.878Z
Updated: 2026-03-21T04:01:49.391Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-1002104 |
vulnerable | 2026-06-03 14:37:53.001126 |
Details available
MEDIUM (5.3)
Versions < 1.5 of the Kubernetes ingress default backend, which handles invalid ingress traffic, exposed prometheus metrics publicly.
Published: 2020-01-14T20:15:17.491Z
Updated: 2024-09-16T21:07:22.919Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.