CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-52003 – X-Forwarded-Prefix Header still allows for Open Redirect in traefik
https://notcve.org/view.php?id=CVE-2024-52003
29 Nov 2024 — Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/traefik/traefik/pull/11253 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 1CVE-2024-45410 – HTTP client can remove the X-Forwarded headers in Traefik
https://notcve.org/view.php?id=CVE-2024-45410
19 Sep 2024 — Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed... • https://github.com/jphetphoumy/traefik-CVE-2024-45410-poc • CWE-345: Insufficient Verification of Data Authenticity CWE-348: Use of Less Trusted Source •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-39321 – Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes
https://notcve.org/view.php?id=CVE-2024-39321
05 Jul 2024 — Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available. Traefik es un proxy inverso HTTP y un equilibrador de carga. • https://github.com/traefik/traefik/releases/tag/v2.11.6 • CWE-639: Authorization Bypass Through User-Controlled Key •