Logging Misconfiguration in Traefik Software by Containous
CVE-2020-9321

7.5HIGH

Key Information:

Vendor: Traefik
Status: Traefik
Vendor: CVE Published:; 16 March 2020

What is CVE-2020-9321?

A potential information leakage vulnerability exists in Traefik versions 2.x prior to 2.1.4 and TraefikEE 2.0.0. The issue arises from the mishandling of certificate content purging from providers before logging events. This oversight could allow sensitive information to be logged inadvertently, posing a risk of exposure and exploitation. It is crucial for users to update to the latest versions to mitigate any risks associated with this vulnerability.

References

https://github.com/containous/traefik/pull/6281

x_refsource_MISC

https://github.com/containous/traefik/releases/tag/v2.1.4

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2020
Vulnerability Reserved
Feb 20, 2020