CVE-2022-23469

2022-12-0822:15:10

Google

osv.dev

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

39.4%

JSON

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a users logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to INFO, WARN, or ERROR.

CPENameOperatorVersion
traefikeq1.5.4
traefikeq1.7.1
traefikeq1.0.0-beta.341
traefikeq1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e
traefikeq1.0.alpha.302
traefikeq1.0.0-beta.277
traefikeq1.0.alpha.171
traefikeq1.0.alpha.290
traefikeq2.7.0-rc2
traefikeq1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b

Name	Operator	Version
traefik	eq	1.5.4
traefik	eq	1.7.1
traefik	eq	1.0.0-beta.341
traefik	eq	1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e
traefik	eq	1.0.alpha.302
traefik	eq	1.0.0-beta.277
traefik	eq	1.0.alpha.171
traefik	eq	1.0.alpha.290
traefik	eq	2.7.0-rc2
traefik	eq	1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b