Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/05/08 12:6 p.m.10 views

CVE-2026-39858

A flaw was found in Traefik. A remote attacker can exploit an authentication bypass vulnerability by injecting spoofed trust context through unsanitized alias headers. This is due to Traefik's forwarded-header sanitization logic not properly handling alias header names that use underscores instea...

10CVSS5.7AI score0.00479EPSS
Exploits1References7
Snyk
Snyk
added 2026/04/24 8:36 p.m.3 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the BasicAuth process. An attacker can enumerate valid usernames by measuring authentication response times, exploiting differences in processing between existing and non-existing users. Remediation Upgrade...

6.3CVSS5.5AI score0.00369EPSS
Exploits0References2
OSV
OSV
added 2026/04/24 4:32 p.m.4 views

GHSA-5M6W-WVH7-57VM Traefik: Pre-authentication decision bypass due to forwarded alias spoofing

Summary There is a high severity authentication bypass vulnerability in Traefik's ForwardAuth and snippet-based authentication middleware. Traefik's forwarded-header sanitization logic targets only canonical header names e.g., X-Forwarded-Proto and does not strip or normalize alias variants that...

10CVSS5.8AI score0.00479EPSS
Exploits1References6
Snyk
Snyk
added 2026/03/20 12:44 p.m.7 views

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the BasicAuth middleware. An attacker can enumerate valid usernames by measuring the response time differences when submitting authentication requests. Remediation Upgrade...

6.3CVSS5.8AI score0.00385EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/06/07 12:0 a.m.3 views

VulnCheck KEV: CVE-2025-34026

Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs...

9.2CVSS5.8AI score0.83479EPSS
Exploits1References1
Rows per page
Query Builder