Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-15129

In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded-Prefix" is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.

Published

2020-07-30T16:15:11.537

Last Modified

2024-11-21T05:04:54.340

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

4.9

Impact Score

4.9

Weaknesses

Type: Secondary
CWE-601
Type: Primary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	traefik	traefik	< 1.7.26	Yes
Application	traefik	traefik	< 2.2.8	Yes
Application	traefik	traefik	2.3.0	Yes
Application	traefik	traefik	2.3.0	Yes
Application	traefik	traefik	2.3.0	Yes

References

https://github.com/containous/traefik/commit/e63db782c11c7b8bfce30be4c902e7ef8f9f33d2 Patch, Third Party Advisory ([email protected])
https://github.com/containous/traefik/pull/7109 Patch, Third Party Advisory ([email protected])
https://github.com/containous/traefik/releases/tag/v1.7.26 Release Notes, Third Party Advisory ([email protected])
https://github.com/containous/traefik/releases/tag/v2.2.8 Release Notes, Third Party Advisory ([email protected])
https://github.com/containous/traefik/releases/tag/v2.3.0-rc3 Release Notes, Third Party Advisory ([email protected])
https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp Third Party Advisory ([email protected])
https://github.com/containous/traefik/commit/e63db782c11c7b8bfce30be4c902e7ef8f9f33d2 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/containous/traefik/pull/7109 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/containous/traefik/releases/tag/v1.7.26 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/containous/traefik/releases/tag/v2.2.8 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/containous/traefik/releases/tag/v2.3.0-rc3 Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)