CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
AI Score
Confidence: Low
EPSS Percentile: 20.6%
github.com/traefik/traefik is vulnerable to Authorization Bypass. The flaw arises because Traefik URL-encodes a fragment present in an incoming request and forwards it to the backend server as part of the request-target. This violates RFC 7230 (section 5.3.1), under which the origin-form request-target carries only the path and query and never a fragment, and it can defeat URI-based access controls implemented by a frontend proxy such as NGINX, because the path the frontend proxy evaluated is not the path the backend ultimately receives. An attacker could exploit this to bypass access control restrictions enforced by a frontend proxy and potentially gain unauthorized access to sensitive resources or functionalities.
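The following Go program is an added example illustrating the behaviour described above from the defender's side; it is not Traefik's code and not the fix shipped in the referenced commit. It shows what Go's server-side URL parser does with a literal "#" in a request line, what a naive reverse proxy would then put on the wire, and a corrected Director that forwards only the path and query as RFC 7230 section 5.3.1 requires. The helper names stripFragment, ForwardedTarget and NewStrippingProxy, and the sample request-targets, are my own constructions.

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
)

// stripFragment removes anything that must not reach a backend as part of the
// request-target. Go's url.ParseRequestURI does not split off a fragment (an
// HTTP request line is not supposed to carry one), so a literal "#" can survive
// in Path, RawPath or RawQuery; cutting at the first "#" covers all three.
func stripFragment(u *url.URL) {
	u.Fragment = ""
	u.RawFragment = ""
	u.Path, _, _ = strings.Cut(u.Path, "#")
	u.RawPath, _, _ = strings.Cut(u.RawPath, "#")
	u.RawQuery, _, _ = strings.Cut(u.RawQuery, "#")
}

// ForwardedTarget returns the request-target a proxy would send upstream for
// the given incoming request line target, with or without fragment stripping.
// Without stripping, "/public#/admin" becomes "/public%23/admin" on the wire,
// which is the encode-and-forward behaviour the advisory describes.
func ForwardedTarget(requestTarget string, strip bool) (string, error) {
	u, err := url.ParseRequestURI(requestTarget)
	if err != nil {
		return "", err
	}
	if strip {
		stripFragment(u)
	}
	return u.RequestURI(), nil
}

// NewStrippingProxy wraps the standard single-host Director so that the
// outgoing request-target never contains a fragment.
func NewStrippingProxy(target *url.URL) *httputil.ReverseProxy {
	p := httputil.NewSingleHostReverseProxy(target)
	base := p.Director
	p.Director = func(r *http.Request) {
		base(r)
		stripFragment(r.URL)
	}
	return p
}

func main() {
	// Constructed backend that echoes the request-target it actually received.
	backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, r.RequestURI)
	}))
	defer backend.Close()
	target, _ := url.Parse(backend.URL)

	proxy := httptest.NewServer(NewStrippingProxy(target))
	defer proxy.Close()

	// http.Client would drop the fragment before sending, so write the
	// request line raw over TCP to reproduce what a server-side parser sees.
	conn, err := net.Dial("tcp", strings.TrimPrefix(proxy.URL, "http://"))
	if err != nil {
		panic(err)
	}
	defer conn.Close()
	fmt.Fprint(conn, "GET /public#/admin HTTP/1.1\r\nHost: example\r\nConnection: close\r\n\r\n")
	resp, err := http.ReadResponse(bufio.NewReader(conn), nil)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	body, _ := io.ReadAll(resp.Body)
	fmt.Printf("backend received request-target %q\n", body)
}
```

The useful check for an operator is the first return value of ForwardedTarget with strip set to false: any proxy in the chain that turns "/public#/admin" into "/public%23/admin" is evaluating one path at the edge and delivering another to the application, so URI-based rules on the frontend cannot be relied on for whatever sits behind it.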
datatracker.ietf.org/doc/html/rfc7230#section-5.3.1
github.com/traefik/traefik/commit/12e50e20e6f7aec7c867ff21580b2a5b2321c630
github.com/traefik/traefik/pull/10229
github.com/traefik/traefik/releases/tag/v2.10.6
github.com/traefik/traefik/releases/tag/v3.0.0-beta5
github.com/traefik/traefik/security/advisories/GHSA-fvhj-4qfh-q2hm