Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField
Summary There is a potential vulnerability in Traefik's Basic and Digest authentication middlewares when headerField is configured with a non-canonical HTTP header name. An authenticated attacker with valid credentials can inject the canonical version of the configured header to impersonate any...