Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-15129: Open Redirect in Traefik

CWE-601 (Open Redirect); 5 documents, 5 sources
Severity: 4.7 MEDIUM (NVD); CNA score 6.1
EPSS: 76.8% (top 1.04%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Jul 30; latest update Feb 11

Description

In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded-Prefix" is a site-relative path and will redirect to any header-provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active exploitation of this issue is unlikely as i

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.6 | Impact: 2.7

Affected Packages (10 packages)

Source      Package                          Affected from   Fixed in
NVD         traefik/traefik                  2.2.0           2.2.8 (+2 more ranges)
CVEListV5   containous/traefik               < 1.7.26 (+1 more range)
Go          github.com/traefik_traefik       1.5.0-rc5       1.7.26
Go          github.com/containous_traefik    1.5.0-rc5       1.7.26
Go          github.com/traefik_traefik_v2    2.3.0-rc1       2.3.0-rc6 (+1 more range)

Patches

🔴 Vulnerability Details (3)

GHSA: Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header (2022-02-11)
OSV: Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header (2022-02-11)
CVEList: Open redirect in Traefik (2020-07-30)

💥 Exploits & PoCs (1)

Nuclei: Traefik - Open Redirect
CVE-2020-15129 — Open Redirect in Containous Traefik | cvebase