apk package
wolfi/ingress-nginx-controller-1.15
pkg:apk/wolfi/ingress-nginx-controller-1.15
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-24513 | Low | 3.1 | < 0 | 0 | Feb 3, 2026 | A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that | |
| CVE-2025-23419 | — | < 1.15.0-r0 | 1.15.0-r0 | Feb 5, 2025 | When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/n | ||
| CVE-2023-5044 | — | < 0 | 0 | Oct 25, 2023 | Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. |
- affected < 0fixed 0
A security issue was discovered in ingress-nginx where the protection afforded by the `auth-url` Ingress annotation may not be effective in the presence of a specific misconfiguration. If the ingress-nginx controller is configured with a default custom-errors configuration that
- CVE-2025-23419Feb 5, 2025affected < 1.15.0-r0fixed 1.15.0-r0
When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/n
- CVE-2023-5044Oct 25, 2023affected < 0fixed 0
Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation.
Page 2 of 2