2021-01-02 04:56:15 +00:00
id : CVE-2020-15129
2020-09-14 17:31:40 +00:00
info :
name : Open-redirect in Traefik
author : dwisiswant0
severity : medium
2022-04-22 10:38:41 +00:00
description : There exists a potential open redirect vulnerability in Traefik's handling of the X-Forwarded-Prefix header. Active Exploitation of this issue is unlikely as it would require active header injection,
however the Traefik team may want to address this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.
reference :
- https://securitylab.github.com/advisories/GHSL-2020-140-Containous-Traefik
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
2022-04-22 10:38:41 +00:00
cvss-score : 4.7
2021-09-10 11:26:40 +00:00
cve-id : CVE-2020-15129
cwe-id : CWE-601
2022-04-22 10:38:41 +00:00
tags : cve,cve2020,traefik,redirect
2020-09-14 17:40:03 +00:00
2020-09-14 17:31:40 +00:00
requests :
- method : GET
path :
- "{{BaseURL}}"
2022-05-08 06:43:38 +00:00
2020-09-14 17:31:40 +00:00
headers :
X-Forwarded-Prefix : "https://foo.nl"
2022-05-08 06:43:38 +00:00
2020-09-14 17:31:40 +00:00
matchers-condition : and
matchers :
- type : status
status :
2020-09-14 17:39:24 +00:00
- 302
2022-05-08 06:43:38 +00:00
2020-09-14 17:31:40 +00:00
- type : word
2022-05-08 06:43:38 +00:00
part : body
2020-09-14 17:31:40 +00:00
words :
- "<a href=\"https://foo.nl/dashboard/\">Found</a>"