CVE-2020-15129
- EPSS 81.12%
- Published 30.07.2020 16:15:11
- Last modified 21.11.2024 05:04:54
In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header ...
CVE-2019-20894
- EPSS 0.77%
- Published 02.07.2020 16:15:11
- Last modified 21.11.2024 04:39:38
Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.
CVE-2020-9321
- EPSS 0.16%
- Published 16.03.2020 19:15:11
- Last modified 21.11.2024 05:40:24
configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.
CVE-2019-12452
- EPSS 0.41%
- Published 29.05.2019 19:29:00
- Last modified 21.11.2024 04:22:52
types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API documentation), allows remote authenticated users to ...
CVE-2018-15598
- EPSS 0.34%
- Published 21.08.2018 01:29:00
- Last modified 21.11.2024 03:51:08
Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.