CVE-2020-15129
Open redirect in Traefik
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded-Prefix" is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.
En Traefik antes de las versiones 1.7.26, 2.2.8 y 2.3.0-rc3, se presenta una posible vulnerabilidad de redireccionamiento abierto en el manejo del encabezado "X-Forwarded-Prefix" de Traefik. El componente del panel de la API Traefik no comprueba que el valor del encabezado "X-Forwarded-Prefix" sea una ruta relativa al sitio y redireccionará a cualquier URI proporcionado por el encabezado. Una explotación con éxito de un redireccionamiento abierto puede ser utilizado para atraer a las víctimas a revelar información confidencial. Una explotación activa de este problema es poco probable ya que requeriría una inyección activa del encabezado, sin embargo, el equipo de Traefik abordó este problema para impedir el abuso en por ejemplo escenarios de envenenamiento de caché
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-06-25 CVE Reserved
- 2020-07-30 CVE Published
- 2024-06-20 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://github.com/containous/traefik/releases/tag/v1.7.26 | Release Notes | |
| https://github.com/containous/traefik/releases/tag/v2.2.8 | Release Notes | |
| https://github.com/containous/traefik/releases/tag/v2.3.0-rc3 | Release Notes | |
| https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/containous/traefik/commit/e63db782c11c7b8bfce30be4c902e7ef8f9f33d2 | 2021-07-28 | |
| https://github.com/containous/traefik/pull/7109 | 2021-07-28 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Traefik Search vendor "Traefik" | Traefik Search vendor "Traefik" for product "Traefik" | < 1.7.26 Search vendor "Traefik" for product "Traefik" and version " < 1.7.26" | - |
Affected
| ||||||
| Traefik Search vendor "Traefik" | Traefik Search vendor "Traefik" for product "Traefik" | >= 2.2.0 < 2.2.8 Search vendor "Traefik" for product "Traefik" and version " >= 2.2.0 < 2.2.8" | - |
Affected
| ||||||
| Traefik Search vendor "Traefik" | Traefik Search vendor "Traefik" for product "Traefik" | 2.3.0 Search vendor "Traefik" for product "Traefik" and version "2.3.0" | - |
Affected
| ||||||
| Traefik Search vendor "Traefik" | Traefik Search vendor "Traefik" for product "Traefik" | 2.3.0 Search vendor "Traefik" for product "Traefik" and version "2.3.0" | rc1 |
Affected
| ||||||
| Traefik Search vendor "Traefik" | Traefik Search vendor "Traefik" for product "Traefik" | 2.3.0 Search vendor "Traefik" for product "Traefik" and version "2.3.0" | rc2 |
Affected
| ||||||