CVE-2022-23469
Last modified
CVE-2022-23469 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. EPSS estimates a 0.98% chance of exploitation in the next 30 days.
Description
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a users logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to `INFO`, `WARN`, or `ERROR`.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Traefik | Traefik | < 2.9.6 |
References
- https://github.com/traefik/traefik/pull/9574Patch, Third Party Advisory
- https://github.com/traefik/traefik/releases/tag/v2.9.6Release Notes, Third Party Advisory
- https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hpExploit, Patch, Third Party Advisory
- https://github.com/traefik/traefik/pull/9574Patch, Third Party Advisory
- https://github.com/traefik/traefik/releases/tag/v2.9.6Release Notes, Third Party Advisory
- https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hpExploit, Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-23469?
How severe is CVE-2022-23469?
How do I fix CVE-2022-23469?
Are you affected by CVE-2022-23469?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST