CVE-2020-15129
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
Description
## Summary

There exists a potential open redirect vulnerability in Traefik's handling of the `X-Forwarded-Prefix` header. Active exploitation of this issue is unlikely, because a victim's browser cannot be made to send an attacker-chosen request header simply by following a link; an attacker would need some other way to inject the header into the victim's request. The Traefik team nonetheless addressed the issue to prevent abuse in, e.g., cache poisoning scenarios, where a cache in front of Traefik could store the redirect response and serve it to other clients.

## Details

The Traefik API dashboard component doesn't validate that the value of the `X-Forwarded-Prefix` header is a site-relative path, and will redirect to whatever URI the header provides, e.g.

```
$ curl --header 'Host:traefik.localhost' --header 'X-Forwarded-Prefix:https://example.org' 'http://localhost:8081'
<a href="https://example.org/dashboard/">Found</a>.
```

### Impact

A successful exploitation of an open redirect can be used to entice victims to disclose sensitive information, since the redirect target appears to come from a trusted host.

### Workarounds

By using the `headers` middleware, the value of the `X-Forwarded-Prefix` request header can be overridden with the value `.` (dot), so that a client-supplied value never reaches the dashboard handler:

- https://docs.traefik.io/v2.2/middlewares/headers/#customrequestheaders
- https://docs.traefik.io/v1.7/basics/#custom-headers

### For more information

If you have any questions or comments about this advisory, open an issue in [Traefik](https://github.com/containous/traefik/issues).

## Credit

This issue was found by the GitHub Application Security Team and reported on behalf of the GHAS by the GitHub Security Lab Team.
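The following Go program is an added illustration and is not Traefik's own code. It assumes, as the curl output above suggests, that the dashboard redirect is built by concatenating the header value with `/dashboard/` and handing the result to Go's standard `http.Redirect` (whose `<a href="...">Found</a>.` body is what the advisory shows). `rawPrefix` reproduces the vulnerable pattern, `sitePrefix` is one way to enforce the "site-relative path" check the advisory calls for, and `locationFor` drives both through `httptest` so the resulting `Location` headers can be compared offline; all names and the sample header values are constructed for this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// dashboardRedirect mirrors the pattern described in the advisory: the client
// is redirected to <prefix>/dashboard/, where prefix is derived from the
// X-Forwarded-Prefix header by the supplied function. http.Redirect emits the
// "<a href=...>Found</a>." body seen in the advisory's curl output.
func dashboardRedirect(prefixFor func(*http.Request) string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, prefixFor(r)+"/dashboard/", http.StatusFound)
	})
}

// rawPrefix is the vulnerable pattern: the header value is used verbatim, so an
// absolute or protocol-relative URL in the header becomes an off-site Location.
func rawPrefix(r *http.Request) string {
	return r.Header.Get("X-Forwarded-Prefix")
}

// sitePrefix is the hardened pattern: the header is accepted only if it parses
// as a site-relative path (no scheme, no authority, a leading "/", and no
// backslash, which some browsers normalise to "/"). Anything else, including
// the "." workaround value, is treated as "no prefix".
func sitePrefix(r *http.Request) string {
	raw := r.Header.Get("X-Forwarded-Prefix")
	if raw == "" || strings.Contains(raw, "\\") {
		return ""
	}
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "" || u.Host != "" || u.Opaque != "" ||
		!strings.HasPrefix(u.Path, "/") {
		return ""
	}
	return strings.TrimSuffix(u.Path, "/")
}

// locationFor sends one GET to the handler with the given X-Forwarded-Prefix
// value and returns the Location header the handler produced.
func locationFor(h http.Handler, prefix string) string {
	req := httptest.NewRequest(http.MethodGet, "http://traefik.localhost/", nil)
	if prefix != "" {
		req.Header.Set("X-Forwarded-Prefix", prefix)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Header().Get("Location")
}

func main() {
	vulnerable := dashboardRedirect(rawPrefix)
	hardened := dashboardRedirect(sitePrefix)
	// Constructed header values: the advisory's payload, a protocol-relative
	// variant, a legitimate sub-path, and the "." workaround value.
	for _, p := range []string{"https://example.org", "//evil.example", "/admin", "."} {
		fmt.Printf("%-22q vulnerable=%-32s hardened=%s\n",
			p, locationFor(vulnerable, p), locationFor(hardened, p))
	}
}
```

Two things worth noticing when running it. First, the protocol-relative value `//evil.example` is just as dangerous as the advisory's `https://example.org` payload: `http.Redirect` leaves any URL with a host part untouched, so a check that only looks for a scheme would miss it. Second, the workaround value `.` is safe even against the vulnerable handler in this model, because `"." + "/dashboard/"` is the relative path `./dashboard/`, which `http.Redirect` resolves against the request path and cleans to `/dashboard/`; that is consistent with why the advisory recommends overriding the header with a dot rather than with an empty string.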
How to fix CVE-2020-15129
To remediate CVE-2020-15129, upgrade the affected package to a fixed version below.
- Traefik 1.x: upgrade to 1.7.26 or later
- Traefik 2.x: upgrade to 2.2.8 or later