PT-2022-16010 · Traefik+1 · Traefik+1

Ldez

Published

2022-12-08

Updated

2024-08-21

CVE-2022-23469

CVSS v3.1

3.5

Low

Vector

AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Traefik versions prior to 2.9.6

Description There is a potential issue in Traefik where the Authorization header is displayed in its debug logs. This occurs when the log level is set to DEBUG, and credentials provided using the Authorization header are then visible in the debug logs. Attackers must have access to a user's logging system to exploit this. The issue has been addressed in version 2.9.6.

Recommendations For versions prior to 2.9.6, upgrade to version 2.9.6 to resolve the issue. For users unable to upgrade, set the log level to INFO, WARN, or ERROR as a temporary workaround.

Exploit

Fix

Insertion into Log File

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532CWE-200

Related Identifiers

ALT-PU-2023-1270

ALT-PU-2023-1324

ALT-PU-2023-7095

CVE-2022-23469

ECHO-463D-152A-B1B7

GHSA-H2PH-VHM7-G4HP

GO-2022-1154

OPENSUSE-SU-2024:12615-1

OPENSUSE-SU-2024:14076-1

Affected Products

Alt Linux

Traefik

PT-2022-16010 · Traefik+1 · Traefik+1

CVE-2022-23469

Weakness Enumeration

Related Identifiers

Affected Products

References · 28