nuclei-templates/cves/2020/CVE-2020-15129.yaml

id: CVE-2020-15129

info:
  name: Open-redirect in Traefik
  author: dwisiswant0
  severity: medium
  description: There exists a potential open redirect vulnerability in Traefik's handling of the X-Forwarded-Prefix header. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team may want to address this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.
  reference:
    - https://securitylab.github.com/advisories/GHSL-2020-140-Containous-Traefik
    - https://github.com/containous/traefik/releases/tag/v2.2.8
    - https://github.com/containous/traefik/pull/7109
    - https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 4.7
    cve-id: CVE-2020-15129
    cwe-id: CWE-601
  tags: cve,cve2020,traefik,redirect

requests:
  - method: GET
    path:
      - "{{BaseURL}}"

    headers:
      X-Forwarded-Prefix: "https://foo.nl"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 302

      - type: word
        part: body
        words:
          - "<a href=\"https://foo.nl/dashboard/\">Found</a>"
misc changes 2021-01-02 04:56:15 +00:00			`id: CVE-2020-15129`
:fire: Add CVE-2020-15129 2020-09-14 17:31:40 +00:00
			`info:`
			`name: Open-redirect in Traefik`
			`author: dwisiswant0`
			`severity: medium`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`description: There exists a potential open redirect vulnerability in Traefik's handling of the X-Forwarded-Prefix header. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team may want to address this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://securitylab.github.com/advisories/GHSL-2020-140-Containous-Traefik`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`- https://github.com/containous/traefik/releases/tag/v2.2.8`
			`- https://github.com/containous/traefik/pull/7109`
			`- https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`cvss-score: 4.7`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`cve-id: CVE-2020-15129`
			`cwe-id: CWE-601`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`tags: cve,cve2020,traefik,redirect`
:pencil2: Add reference 2020-09-14 17:40:03 +00:00
:fire: Add CVE-2020-15129 2020-09-14 17:31:40 +00:00			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}"`
Strict matchers / f/p fix (#4320) * more strict matcher + matcher fix * misc updates 2022-05-08 06:43:38 +00:00
:fire: Add CVE-2020-15129 2020-09-14 17:31:40 +00:00			`headers:`
			`X-Forwarded-Prefix: "https://foo.nl"`
Strict matchers / f/p fix (#4320) * more strict matcher + matcher fix * misc updates 2022-05-08 06:43:38 +00:00
:fire: Add CVE-2020-15129 2020-09-14 17:31:40 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
:hammer: Update status matcher 2020-09-14 17:39:24 +00:00			`- 302`
Strict matchers / f/p fix (#4320) * more strict matcher + matcher fix * misc updates 2022-05-08 06:43:38 +00:00
:fire: Add CVE-2020-15129 2020-09-14 17:31:40 +00:00			`- type: word`
Strict matchers / f/p fix (#4320) * more strict matcher + matcher fix * misc updates 2022-05-08 06:43:38 +00:00			`part: body`
:fire: Add CVE-2020-15129 2020-09-14 17:31:40 +00:00			`words:`
			`- "<a href=\"https://foo.nl/dashboard/\">Found</a>"`