36 lines
1.0 KiB
YAML
36 lines
1.0 KiB
YAML
id: CVE-2020-15129
|
|
|
|
info:
|
|
name: Open-redirect in Traefik
|
|
author: dwisiswant0
|
|
severity: medium
|
|
description: There exists a potential open redirect vulnerability in Traefik's handling of the X-Forwarded-Prefix header. Active Exploitation of this issue is unlikely as it would require active header injection,
|
|
however the Traefik team may want to address this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.
|
|
reference:
|
|
- https://securitylab.github.com/advisories/GHSL-2020-140-Containous-Traefik
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
cvss-score: 4.7
|
|
cve-id: CVE-2020-15129
|
|
cwe-id: CWE-601
|
|
tags: cve,cve2020,traefik,redirect
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}"
|
|
|
|
headers:
|
|
X-Forwarded-Prefix: "https://foo.nl"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 302
|
|
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "<a href=\"https://foo.nl/dashboard/\">Found</a>"
|