CVE-2022-23469

CVE-2022-23469 PUBLISHED CVSS 3.5 LOW

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in which Traefik displays the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. An attacker must have access to a user's logging system in order to steal the credentials. This issue has been addressed in version 2.9.6, and users are advised to upgrade. Users unable to upgrade may set the log level to `INFO`, `WARN`, or `ERROR`.

EPSS 0.34% · 57.3th percentile

Risk Scores

CVSS v3.1: 3.5
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
EPSS Score: 0.34% (57.3th percentile)

Affected Products

Vendor        Product               Versions
github.com    traefik/traefik/v2    0
traefik       traefik               0, < 2.9.6

Timeline

  • Dec 8, 2022 CVE Published
  • Dec 9, 2022 EPSS Score
  • Jan 20, 2023 EPSS Score
  • Mar 3, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 14, 2023 EPSS Score
  • May 26, 2023 EPSS Score
  • Jul 7, 2023 EPSS Score
  • Aug 18, 2023 EPSS Score
  • Sep 29, 2023 EPSS Score
  • Nov 9, 2023 EPSS Score
  • Dec 21, 2023 EPSS Score