CVE-2020-15129

MEDIUM 6.1 | EPSS 76.8%

Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header

Published: 2022/2/11 | Modified: 2026/3/13

Description

## Summary

There exists a potential open redirect vulnerability in Traefik's handling of the `X-Forwarded-Prefix` header. Active exploitation of this issue is unlikely, as it would require active header injection; however, the Traefik team addressed this issue nonetheless to prevent abuse in, e.g., cache poisoning scenarios.

## Details

The Traefik API dashboard component doesn't validate that the value of the header `X-Forwarded-Prefix` is a site-relative path and will redirect to any URI provided in the header, e.g.:

```
$ curl --header 'Host:traefik.localhost' --header 'X-Forwarded-Prefix:https://example.org' 'http://localhost:8081'
<a href="https://example.org/dashboard/">Found</a>.
```

### Impact

A successful exploitation of an open redirect can be used to entice victims to disclose sensitive information.

### Workarounds

By using the `headers` middleware, the request header `X-Forwarded-Prefix` value can be overridden by the value `.` (dot):

- https://docs.traefik.io/v2.2/middlewares/headers/#customrequestheaders
- https://docs.traefik.io/v1.7/basics/#custom-headers

### For more information

If you have any questions or comments about this advisory, open an issue in [Traefik](https://github.com/containous/traefik/issues).

## Credit

This issue was found by the GitHub Application Security Team and reported on behalf of the GHAS by the GitHub Security Lab Team.
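The `headers` middleware workaround above, written out as a Traefik v2 dynamic configuration (file provider). This is an added example, not configuration from the advisory or the Traefik project; the middleware name `override-forwarded-prefix`, the router name `dashboard`, and the `traefik.localhost` host rule are assumptions, and `api@internal` requires the dashboard to be enabled in the static configuration.

```yaml
# Traefik v2 dynamic configuration (file provider). Added example, not from the advisory.
# The names "override-forwarded-prefix" and "dashboard" are assumptions.
http:
  middlewares:
    override-forwarded-prefix:
      headers:
        customRequestHeaders:
          # Replace any client-supplied X-Forwarded-Prefix with "." so the
          # dashboard redirect stays site-relative instead of following an
          # attacker-controlled absolute URI (the open redirect in CVE-2020-15129).
          X-Forwarded-Prefix: "."

  routers:
    dashboard:
      rule: "Host(`traefik.localhost`)"
      # api@internal is Traefik's built-in API/dashboard service; it must be
      # enabled via the static configuration (api.dashboard) to be routable.
      service: api@internal
      middlewares:
        - override-forwarded-prefix
```

With this middleware attached to the router that serves the dashboard, re-running the `curl` request from the advisory should no longer yield a redirect to `https://example.org/dashboard/`, since the injected header value is replaced before the dashboard handler sees it.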

Affected packages (8)

CVSS score

| Source | Version | Severity | Vector |
|--------|---------|----------|--------|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N |

References (10)