Vulnerability Details CVE-2018-15598
Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/containous/traefik/pull/3790
- https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1
- https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b
- https://github.com/containous/traefik/releases/tag/v1.6.6
- https://github.com/containous/traefik/pull/3790
- https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1
- https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b
- https://github.com/containous/traefik/releases/tag/v1.6.6
Products affected by CVE-2018-15598
-
cpe:2.3:a:traefik:traefik:1.6.0
-
cpe:2.3:a:traefik:traefik:1.6.1
-
cpe:2.3:a:traefik:traefik:1.6.2
-
cpe:2.3:a:traefik:traefik:1.6.3
-
cpe:2.3:a:traefik:traefik:1.6.4
-
cpe:2.3:a:traefik:traefik:1.6.5