Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2020-15129
HistoryJul 30, 2020 - 4:15 p.m.

CVE-2020-15129

2020-07-3016:15:11
Alpine Linux Development Team
security.alpinelinux.org
18

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N

4.5 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

JSON

In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik’s handling of the “X-Forwarded-Prefix” header. The Traefik API dashboard component doesn’t validate that the value of the header “X-Forwarded-Prefix” is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.

Related

osv 2
nvd 1
veracode 1
prion 1
cvelist 1
nuclei 1
cve 1
github 1
osv
osv
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
2022-02-11 23:19:21
CVE-2020-15129
2020-07-30 16:15:11
nvd
nvd
CVE-2020-15129
2020-07-30 16:15:11
veracode
veracode
Open Rediection
2020-08-03 04:49:32
prion
prion
Open redirect
2020-07-30 16:15:00
cvelist
cvelist
CVE-2020-15129 Open redirect in Traefik
2020-07-30 15:20:15
nuclei
nuclei
Traefik - Open Redirect
2020-09-14 17:31:40
cve
cve
CVE-2020-15129
2020-07-30 16:15:11
github
github
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
2022-02-11 23:19:21

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N

4.5 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.6%

JSON
Related for ALPINE:CVE-2020-15129
osv2nvd1veracode1prion1cvelist1nuclei1cve1github1