
CVE-2020-15129 github.com/containous/traefik

Package

Manager: go
Name: github.com/containous/traefik
Vulnerable Version: >=1.5.0-rc5 <1.7.26

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

EPSS: 0.75966 (percentile 0.98873)

Details

Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header

## Summary

There exists a potential open redirect vulnerability in Traefik's handling of the `X-Forwarded-Prefix` header. Active exploitation of this issue is unlikely as it would require active header injection; however, the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.

## Details

The Traefik API dashboard component doesn't validate that the value of the header `X-Forwarded-Prefix` is a site-relative path and will redirect to any URI provided in the header, e.g.

```
$ curl --header 'Host:traefik.localhost' --header 'X-Forwarded-Prefix:https://example.org' 'http://localhost:8081'
<a href="https://example.org/dashboard/">Found</a>.
```

### Impact

A successful exploitation of an open redirect can be used to entice victims to disclose sensitive information.

### Workarounds

By using the `headers` middleware, the value of the request header `X-Forwarded-Prefix` can be overridden with the value `.` (dot):

- https://docs.traefik.io/v2.2/middlewares/headers/#customrequestheaders
- https://docs.traefik.io/v1.7/basics/#custom-headers

### For more information

If you have any questions or comments about this advisory, open an issue in [Traefik](https://github.com/containous/traefik/issues).

## Credit

This issue was found by the GitHub Application Security Team and reported on behalf of the GHAS by the GitHub Security Lab Team.
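The check the advisory describes as missing, shown as an added example in Go (not Traefik's own code): `unsafeDashboardLocation` reproduces the redirect construction from the curl output above, and `dashboardLocation` applies a site-relative-path check before using the header. The helper names and the fallback to an empty prefix are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// prefixIsSiteRelative reports whether an X-Forwarded-Prefix value is a
// site-relative path, i.e. it carries no scheme, no host and no opaque part,
// so joining it with "/dashboard/" cannot yield a different origin.
// Hypothetical helper written for this advisory; not Traefik's code.
func prefixIsSiteRelative(prefix string) bool {
	// Scheme-relative ("//host") and backslash forms resolve to another
	// origin in browsers, so reject them before parsing.
	if strings.HasPrefix(prefix, "//") || strings.Contains(prefix, "\\") {
		return false
	}
	u, err := url.Parse(prefix)
	if err != nil {
		return false
	}
	return u.Scheme == "" && u.Host == "" && u.Opaque == ""
}

// unsafeDashboardLocation mirrors the behaviour in the curl example:
// the header value is concatenated into the Location target unchecked.
func unsafeDashboardLocation(forwardedPrefix string) string {
	return strings.TrimSuffix(forwardedPrefix, "/") + "/dashboard/"
}

// dashboardLocation applies the check first; a value that is not a
// site-relative path is ignored (constructed fallback: empty prefix).
func dashboardLocation(forwardedPrefix string) string {
	prefix := forwardedPrefix
	if !prefixIsSiteRelative(prefix) {
		prefix = ""
	}
	return strings.TrimSuffix(prefix, "/") + "/dashboard/"
}

func main() {
	// Constructed header values: benign, the advisory's payload, and a
	// scheme-relative variant.
	for _, h := range []string{"", "/traefik", ".", "https://example.org", "//example.org"} {
		fmt.Printf("%-22q unsafe=%-34s checked=%s\n", h, unsafeDashboardLocation(h), dashboardLocation(h))
	}
}
```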

Metadata

Created: 2022-02-11T23:19:21Z
Modified: 2022-08-04T20:56:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-6qq8-5wq3-86rp/GHSA-6qq8-5wq3-86rp.json
CWE IDs: ["CWE-601"]
Alternative ID: GHSA-6qq8-5wq3-86rp
Finding: F156
Auto approve: 1