Containous · Traefik · CVE-2018-15598
**Name of the Vulnerable Software and Affected Versions**
Containous Traefik versions 1.6.x through 1.6.5
**Description**
The issue stems from errors in the implementation of the API in the Containous Traefik reverse proxy server. If the `--api` option is used and authentication is missing, the configuration and secret may be exposed, especially if the API's port is publicly reachable. This could allow a remote attacker to obtain protected information.
**Recommendations**
For Containous Traefik versions 1.6.x through 1.6.5, update to version 1.6.6 or later to resolve the issue. As a temporary workaround, disable the `--api` option until the update is applied. Restrict access to the API's port to reduce exposure, and configure authentication for the API to prevent unauthorized access.