CVE-2018-15598 Information

Description

Containous Traefik 1.6.x before 1.6.6 when --api is used exposes the configuration and secret if authentication is missing and the API’s port is publicly reachable.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://github.com/containous/traefik/pull/3790
https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1
https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b
https://github.com/containous/traefik/releases/tag/v1.6.6

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
