Security for everyone

CVE-2020-15129 Scanner

Detects the 'Open Redirect' vulnerability in Traefik, which affects versions before 1.7.26, 2.2.8, and 2.3.0-rc3.


Short Info

Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 30 sec
Scan only one: Url
Source: -

Traefik is an open-source reverse proxy and load balancer that is widely used in cloud-native applications and microservices. It is designed to give developers an easy, configurable way to manage and route traffic across their applications. With features such as dynamic service discovery, SSL/TLS encryption, and Kubernetes integration, Traefik simplifies the task of operating distributed applications in a containerized environment.

However, like any other software, Traefik is occasionally found to contain vulnerabilities. One of them is CVE-2020-15129, which affects versions before 1.7.26, 2.2.8, and 2.3.0-rc3. It is an open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The issue arises because the Traefik API dashboard component fails to validate that the value of the "X-Forwarded-Prefix" header is a site-relative path, so it will redirect to whatever URI the header provides.
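The missing check described above, as an added example (not Traefik's own code or its actual patch): a Go helper that accepts an "X-Forwarded-Prefix" value only when it is a site-relative path and otherwise redirects without it. The function names, the "/dashboard/" target and the sample header values are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// siteRelative: exactly one leading "/", no backslash or control whitespace.
// Browsers read "//host" and "/\host" as URLs pointing at another site.
func siteRelative(p string) bool {
	return strings.HasPrefix(p, "/") && !strings.HasPrefix(p, "//") &&
		!strings.ContainsAny(p, "\\\r\n\t")
}

// safePrefix (hypothetical helper) returns the header value as a path
// without a trailing slash, and false when it is not a site-relative path.
func safePrefix(raw string) (string, bool) {
	if raw == "" {
		return "", true // no prefix: the redirect stays on this host
	}
	if !siteRelative(raw) {
		return "", false
	}
	u, err := url.Parse(raw)
	// Re-check the decoded path so "/%2Fhost" cannot turn into "//host".
	if err != nil || u.Scheme != "" || u.Host != "" || !siteRelative(u.Path) {
		return "", false
	}
	return strings.TrimRight(u.EscapedPath(), "/"), true
}

// redirectTarget builds the Location value for a dashboard redirect and
// drops any prefix that fails validation. "/dashboard/" is an assumed path.
func redirectTarget(headerValue string) string {
	prefix, ok := safePrefix(headerValue)
	if !ok {
		prefix = ""
	}
	return prefix + "/dashboard/"
}

func main() {
	// Constructed header values for illustration, not taken from the page.
	for _, v := range []string{"", "/traefik/", "//other.example", "https://other.example", `/\other.example`, "/%2Fother.example"} {
		fmt.Printf("%-26q -> %s\n", v, redirectTarget(v))
	}
}
```

Upgrading to a fixed release remains the remedy the advisory data on this page points to; the helper only shows what "site-relative path" validation has to cover.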

If exploited, the vulnerability can be used to lure victims into disclosing sensitive information. For instance, an attacker can craft a malicious link with the open redirect embedded in it and send it to a victim. Once the victim clicks the link, they are redirected to a phishing site or a fake login page, where they may unknowingly enter their login credentials, which the attacker then steals.

At SecurityForEveryone.com, we take the security of our clients' digital assets seriously. The pro features of our platform make it quick and easy to learn about vulnerabilities in your digital assets. Our platform provides continuous monitoring and scanning of your applications and networks, and we notify you immediately if any vulnerabilities are detected. Sign up today to ensure the safety and security of your digital assets.

 
