Cross-Origin IFRAME Loading Vulnerability in Traefik by Containous
CVE-2021-27375

5.3MEDIUM

Key Information:

Vendor: Containous
Status: Traefik
Vendor: CVE Published:; 18 February 2021

What is CVE-2021-27375?

A vulnerability in Traefik allows for the unintended loading of IFRAME elements from external domains in versions prior to 2.4.5. This could expose users to risks such as clickjacking or content injection attacks. Users and administrators of Traefik should upgrade to version 2.4.5 or later to mitigate these risks and enhance their security posture.

References

https://github.com/traefik/traefik/pull/7904

x_refsource_MISC

https://github.com/traefik/traefik/releases/tag/v2.4.5

x_refsource_CONFIRM

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 18, 2021
Vulnerability Reserved
Feb 18, 2021

CVE-2021-27375 Data

JSON