Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
traefik traefik vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2021-32813
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a priv...
Traefik Traefik
5
CVSSv2
CVE-2021-27375
Traefik prior to 2.4.5 allows the loading of IFRAME elements from other domains.
Containous Traefik
4
CVSSv2
CVE-2020-15129
In Traefik prior to 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded...
Traefik Traefik
Traefik Traefik 2.3.0
4.3
CVSSv2
CVE-2019-20894
Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.
Traefik Traefik
5
CVSSv2
CVE-2020-9321
configurationwatcher.go in Traefik 2.x prior to 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.
Traefik Traefik
Traefik Traefik 2.0.0
3.5
CVSSv2
CVE-2019-12452
types/types.go in Containous Traefik 1.7.x up to and including 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API documentation), allows remote authenticated users to discover password ...
Traefik Traefik
5
CVSSv2
CVE-2018-15598
Containous Traefik 1.6.x prior to 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.
Traefik Traefik
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2