id: CVE-2020-15129

info:
  name: Open-redirect in Traefik
  author: dwisiswant0
  severity: medium
  description: There exists a potential open redirect vulnerability in Traefik's handling of the X-Forwarded-Prefix header. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team may want to address this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.
  reference:
    - https://securitylab.github.com/advisories/GHSL-2020-140-Containous-Traefik
    - https://github.com/containous/traefik/releases/tag/v2.2.8
    - https://github.com/containous/traefik/pull/7109
    - https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 4.7
    cve-id: CVE-2020-15129
    cwe-id: CWE-601
  tags: cve,cve2020,traefik,redirect

requests:
  - method: GET
    path:
      - "{{BaseURL}}"

    headers:
      X-Forwarded-Prefix: "https://foo.nl"

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 302

      - type: word
        part: body
        words:
          - "<a href=\"https://foo.nl/dashboard/\">Found</a>"