目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1336 CNY

100%

ingress-nginx 产品漏洞列表 / CVE 中文分析 17

ingress-nginx 产品相关 17 条漏洞,AI 中文标题与摘要、CVSS、POC 一站汇总。

ingress-nginx 是由 Kubernetes 社区维护的高性能 HTTP 和 HTTPS 流量入口控制器,本页面聚焦于该组件存在的安全缺陷与漏洞。聚合内容收录了从早期版本至近期披露的各类漏洞,涵盖拒绝服务、权限绕过及配置错误等风险类型,时间跨度覆盖其主要的公开披露记录。通过本页,您可以追踪 ingress-nginx 官方及安全机构发布的安全公告,深入了解此类负载均衡产品的常见弱点与修复进展,并高效检索该特定产品在历史版本中的漏洞详情以辅助安全审计。

ベンダー: Kubernetes

CVE IDタイトルCVSS深刻度公開日
CVE-2026-4342 ingress-nginx comment-based nginx configuration injection CWE-20 8.8 High2026-03-19
CVE-2026-3288 ingress-nginx rewrite-target nginx configuration injection CWE-20 8.8 High2026-03-09
CVE-2025-15566 ingress-nginx auth-proxy-set-headers nginx configuration injection CWE-20 8.8 High2026-02-06
CVE-2026-24514 ingress-nginx Admission Controller denial of service CWE-770 6.5 Medium2026-02-03
CVE-2026-24513 ingress-nginx auth-url protection bypass CWE-754 3.1 Low2026-02-03
CVE-2026-24512 ingress-nginx auth-method nginx configuration injection CWE-20 8.8 High2026-02-03
CVE-2026-1580 ingress-nginx auth-method nginx configuration injection CWE-20 8.8 High2026-02-03
CVE-2025-24514 ingress-nginx controller - configuration injection via unsanitized auth-url annotation CWE-20 8.8 High2025-03-24
CVE-2025-24513 ingress-nginx controller - auth secret file path traversal vulnerability CWE-20 4.8 Medium2025-03-24
CVE-2025-1098 ingress-nginx controller - configuration injection via unsanitized mirror annotations CWE-20 8.8 High2025-03-24
CVE-2025-1097 ingress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation CWE-20 8.8 High2025-03-24
CVE-2025-1974 ingress-nginx admission controller RCE escalation CWE-653 9.8 Critical2025-03-24
CVE-2024-7646 Ingress NGINX Controller 安全漏洞 CWE-20 8.8 High2024-08-16
CVE-2023-5044 Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation CWE-20 7.6 High2023-10-25
CVE-2023-5043 Ingress nginx annotation injection causes arbitrary command execution CWE-20 7.6 High2023-10-25
CVE-2022-4886 Ingress-nginx `path` sanitization can be bypassed with `log_format` directive CWE-20 8.8 High2023-10-25
CVE-2020-8553 Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names CWE-73 5.9 Medium2020-07-29

ingress-nginx 产品累计公开 17 条 CVE 漏洞,本页提供按时间倒序的完整列表,包含 CVSS、CWE、AI 中文摘要与可获取的 POC 链接。