Published: 30/07/2020 Updated: 28/07/2021

CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9

CVSS v3 Base Score: 4.7 | Impact Score: 2.7 | Exploitability Score: 1.6

VMScore: 357

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

In Traefik prior to 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded-Prefix" is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.

Vulnerable Product	Search on Vulmon	Subscribe to Product
traefik traefik
traefik traefik 2.3.0

CWE-601 https://github.com/containous/traefik/releases/tag/v2.2.8 https://github.com/containous/traefik/pull/7109 https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp https://github.com/containous/traefik/releases/tag/v2.3.0-rc3 https://github.com/containous/traefik/releases/tag/v1.7.26 https://github.com/containous/traefik/commit/e63db782c11c7b8bfce30be4c902e7ef8f9f33d2 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-15129

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect