PT-2024-35090 · Traefik+1

Kunte0 · Published 2024-11-29 · Updated 2025-10-02 · CVE-2024-52003

CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Vulnerable Software and Affected Versions
Traefik versions prior to 2.11.14
Traefik versions prior to 3.2.1

Description
Traefik accepts the X-Forwarded-Prefix request header from any client, including untrusted ones. The API dashboard uses the header value to build the redirect to the dashboard path and tries to verify that the value is a site-relative path, but the check can be bypassed with a crafted value. The result is an open redirect, which can also be leveraged for cache poisoning when the redirect response is cached.

Recommendations
For Traefik versions prior to 2.11.14, update to version 2.11.14 or later. For Traefik versions prior to 3.2.1, update to version 3.2.1 or later. As a temporary workaround, make sure untrusted clients cannot set X-Forwarded-Prefix: strip or overwrite the header at the trusted edge so that only your own proxies can supply it.
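The validation problem and the workaround described above, as an added Go example that is not Traefik's own code: a naive "site-relative" check that only rejects values carrying a scheme or host sits beside a hardened check, both driven through a minimal "/" to "<prefix>/dashboard/" redirect handler with httptest, followed by an edge middleware that drops the header unless the peer is a trusted proxy. The payloads are standard open-redirect shapes (backslash and network-path forms) chosen to illustrate the bug class generally; they are not a claim about the exact value used against Traefik. The function names, the trusted-proxy allow-list and the request values are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"net/url"
	"path"
	"strings"
)

const forwardedPrefixHeader = "X-Forwarded-Prefix"

// weakPrefix models a naive "site-relative path" check that only rejects values
// carrying a scheme or host. Constructed stand-in for the bug class, not
// Traefik's validator: a backslash or a rootless path slips through.
func weakPrefix(raw string) string {
	if raw == "" {
		return ""
	}
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "" || u.Host != "" {
		return ""
	}
	return u.Path
}

// safePrefix accepts only a canonical, site-relative path and returns "" for
// everything else. Each check names the redirect abuse it closes.
func safePrefix(raw string) string {
	if raw == "" {
		return ""
	}
	for i := 0; i < len(raw); i++ {
		c := raw[i]
		// Printable ASCII only. Browsers rewrite "\" to "/" when resolving a
		// Location, so "/\host" becomes the network-path reference "//host".
		if c < 0x20 || c > 0x7e || c == '\\' {
			return ""
		}
	}
	u, err := url.Parse(raw)
	// A scheme, authority or userinfo means this is not a site-relative path.
	if err != nil || u.Scheme != "" || u.Host != "" || u.User != nil {
		return ""
	}
	// Exactly one leading slash: a rootless value would be resolved against
	// the request directory, and "//host" is protocol-relative.
	if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") {
		return ""
	}
	// Collapse dot segments so "/.." is never spliced into the redirect.
	cleaned := path.Clean(u.Path)
	if cleaned == "/" {
		return ""
	}
	return cleaned
}

// dashboardRoot redirects "/" to "<prefix>/dashboard/", running validate over
// the header value first (the pattern the description above refers to).
func dashboardRoot(validate func(string) string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		target := validate(r.Header.Get(forwardedPrefixHeader)) + "/dashboard/"
		http.Redirect(w, r, target, http.StatusFound)
	})
}

// stripUntrustedPrefix is the interim workaround: drop the header unless the
// peer address is on an (assumed) allow-list of trusted proxies.
func stripUntrustedPrefix(next http.Handler, trustedProxies map[string]bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		peer, _, err := net.SplitHostPort(r.RemoteAddr)
		if err != nil || !trustedProxies[peer] {
			r.Header.Del(forwardedPrefixHeader)
		}
		next.ServeHTTP(w, r)
	})
}

// locationFor sends a constructed request carrying the given header value and
// returns the Location header the handler emits. httptest sets RemoteAddr to
// 192.0.2.1:1234, which the trusted-proxy checks below rely on.
func locationFor(h http.Handler, prefix string) string {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	if prefix != "" {
		req.Header.Set(forwardedPrefixHeader, prefix)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Header().Get("Location")
}

func main() {
	payloads := []string{"/traefik", "https://evil.example/", "//evil.example", `/\evil.example`, `\\evil.example`, "/a/../b/"}
	for _, p := range payloads {
		fmt.Printf("%-22q weak=%-30q safe=%q\n", p,
			locationFor(dashboardRoot(weakPrefix), p),
			locationFor(dashboardRoot(safePrefix), p))
	}
	edge := stripUntrustedPrefix(dashboardRoot(weakPrefix), map[string]bool{"10.0.0.5": true})
	fmt.Printf("header stripped at edge: %q\n", locationFor(edge, `/\evil.example`))
}
```

The weak check lets `/\evil.example` through because Go's url.Parse reports no host for it, yet the emitted `Location: /\evil.example/dashboard/` is resolved by browsers as `//evil.example/dashboard/`. The hardened check rejects backslashes outright and additionally requires exactly one leading slash, so the redirect can only ever land under the current origin. The middleware shows the workaround from the recommendations: with the header removed before the handler runs, even the weak validator produces `/dashboard/`.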

Exploit · Fix · Open Redirect

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
ALT-PU-2024-16593
ALT-PU-2024-16754
ALT-PU-2025-12511
ALT-PU-2025-7693
CVE-2024-52003
ECHO-9EB7-A106-97D7
GHSA-H924-8G65-J9WG
GO-2024-3299
OPENSUSE-SU-2024:14567-1

Affected Products

Alt Linux
Traefik