CVE-2024-52003

EPSS 0.19%
Published 29.11.2024 19:15:08
Last modified 29.11.2024 19:15:08
Source security-advisories@github.com
Teams watchlist Login
Open Login

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Vendortraefik

≫

Product traefik

Version < 2.11.14

Status affected

Version >= 3.0.0, < 3.2.1

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.19%	0.41

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
security-advisories@github.com	6.3	0	0	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://github.com/traefik/traefik/pull/11253

https://github.com/traefik/traefik/releases/tag/v2.11.14

https://github.com/traefik/traefik/releases/tag/v3.2.1

https://github.com/traefik/traefik/security/advisories/GHSA-h924-8g65-j9wg

https://nvd.nist.gov/vuln/detail/CVE-2024-52003

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-52003

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-52003

EUVD