Merge pull request #461 from dwisiswant0/add/CVE-2020-15129

Add CVE-2020-15129
2020-09-15 19:45:59 +05:30 · 2020-09-15 19:45:59 +05:30 · e8ef3b5759
parent b032080332 fa570b5560
commit e8ef3b5759
1 changed files with 28 additions and 0 deletions
--- a/cves/CVE-2020-15129.yaml
+++ b/cves/CVE-2020-15129.yaml
@ -0,0 +1,28 @@
+id: CVE-2020-15129
+
+info:
+  name: Open-redirect in Traefik
+  author: dwisiswant0
+  severity: medium
+  description: There exists a potential open redirect vulnerability in Traefik's handling of the X-Forwarded-Prefix header. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team may want to address this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.
+
+  # Ref:
+  # - https://securitylab.github.com/advisories/GHSL-2020-140-Containous-Traefik
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+      - "{{BaseURL}}:8081"
+    headers:
+      X-Forwarded-Prefix: "https://foo.nl"
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 302
+      - type: word
+        words:
+          - "<a href=\"https://foo.nl/dashboard/\">Found</a>"
+        condition: or
+        part: body