PT-2018-1519 · Containous · Traefik

Juliens · Published 2018-08-20 · Updated 2024-08-20 · CVE-2018-15598

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Containous Traefik versions 1.6.x through 1.6.5

Description

The issue is related to errors in the implementation of the API in the Containous Traefik reverse proxy server. If the --api option is used and authentication is missing, the configuration and secret may be exposed, especially if the API's port is publicly reachable. This could allow a remote attacker to disclose protected information.

Recommendations

For Containous Traefik versions 1.6.x through 1.6.5, update to version 1.6.6 or later to resolve the issue. As a temporary workaround, consider disabling the --api option until a patch is available. Restrict access to the API's port to minimize the risk of exploitation. Ensure proper authentication is configured for the API to prevent unauthorized access.
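
The last two recommendations, expressed as a Traefik 1.x static configuration. This is an added example, not part of the advisory or of the Traefik project; the loopback address, the user name and the password hash placeholder are assumptions to adapt.

```toml
# traefik.toml (Traefik 1.x static configuration), constructed example.

# Exposed pattern described in the advisory, kept commented out for comparison:
# the API is enabled, its entry point listens on every interface, and no
# authentication is configured.
#
# [entryPoints.traefik]
#   address = ":8080"
# [api]

defaultEntryPoints = ["http"]

[entryPoints]
  # Public entry point for proxied traffic.
  [entryPoints.http]
  address = ":80"

  # Dedicated entry point for the API, bound to loopback so the port is
  # not reachable from other hosts (assumed address; a management-network
  # address plus a firewall rule is the equivalent on multi-host setups).
  [entryPoints.traefik]
  address = "127.0.0.1:8080"

    # Require credentials on the API entry point.
    # User name and hash are placeholders; generate the entry with
    # `htpasswd -nb <user> <password>`.
    [entryPoints.traefik.auth.basic]
    users = ["admin:<HTPASSWD_HASH_PLACEHOLDER>"]

# Serve the API only on the restricted, authenticated entry point.
[api]
  entryPoint = "traefik"
```

This configuration complements the update to version 1.6.6 or later; it does not replace it.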

Fix

Information Disclosure

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2018-01074
CVE-2018-15598
GHSA-2CJC-RGMP-X649
GO-2023-1950

Affected Products

Traefik