Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-15129
HistoryJul 30, 2020 - 4:15 p.m.

CVE-2020-15129

2020-07-3016:15:11
CWE-601
[email protected]
web.nvd.nist.gov
56
3
traefik
open redirect
vulnerability
header injection
cve-2020-15129
nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N

4.3 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

JSON

In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik’s handling of the “X-Forwarded-Prefix” header. The Traefik API dashboard component doesn’t validate that the value of the header “X-Forwarded-Prefix” is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.

Affected configurations

Vulners
NVD
Node
containoustraefikRange<1.7.26
OR
containoustraefikRange2.0.02.2.8
VendorProductVersionCPE
containoustraefik*cpe:2.3:a:containous:traefik:*:*:*:*:*:*:*:*
containoustraefik*cpe:2.3:a:containous:traefik:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "traefik",
    "vendor": "containous",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.7.26"
      },
      {
        "status": "affected",
        "version": ">= 2.0.0, < 2.2.8"
      }
    ]
  }
]

Social References

More

Related

osv 2
cvelist 1
nuclei 1
veracode 1
prion 1
alpinelinux 1
nvd 1
github 1
osv
osv
CVE-2020-15129
2020-07-30 16:15:11
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
2022-02-11 23:19:21
cvelist
cvelist
CVE-2020-15129 Open redirect in Traefik
2020-07-30 15:20:15
nuclei
nuclei
Traefik - Open Redirect
2020-09-14 17:31:40
veracode
veracode
Open Rediection
2020-08-03 04:49:32
prion
prion
Open redirect
2020-07-30 16:15:00
alpinelinux
alpinelinux
CVE-2020-15129
2020-07-30 16:15:11
nvd
nvd
CVE-2020-15129
2020-07-30 16:15:11
github
github
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
2022-02-11 23:19:21

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N

4.3 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

JSON
Related for CVE-2020-15129
osv2cvelist1nuclei1veracode1prion1alpinelinux1nvd1github1