CVE-2024-52003 Vulnerability Details


CVE-2024-52003 Metadata Quick Info

CVE Published: 29/11/2024 | CVE Updated: 02/12/2024 | CVE Year: 2024
Source: GitHub_M | Vendor: traefik | Product: traefik
Status: PUBLISHED

CVE-2024-52003 Description

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-601
CWE Name: CWE-601: URL Redirection to Untrusted Site (Open Redirect)
Source: traefik

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).