CVE-2022-23469

CVSS V2: None
CVSS V3: None
Description
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 may display the Authorization header in Traefik's debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a user's logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to `INFO`, `WARN`, or `ERROR`.
Overview
  • CVE ID: CVE-2022-23469
  • Assigner: security-advisories@github.com
  • Vulnerability Status: Analyzed
  • Published Version: 2022-12-08T22:15:10
  • Last Modified Date: 2022-12-12T18:47:11
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* | 1 | OR | | 2.9.6 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-12-08 23:16:23 | | | | Added to TrackCVE |
| 2022-12-12 01:14:42 | 2022-12-08T22:15:10.043 | 2022-12-08T22:15:10 | CVE Published Date | updated |
| 2022-12-12 01:14:42 | | 2022-12-08T22:30:17 | CVE Modified Date | updated |
| 2022-12-12 01:14:42 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
| 2022-12-12 12:24:13 | Undergoing Analysis | Awaiting Analysis | Vulnerability Status | updated |
| 2022-12-12 13:15:26 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
| 2022-12-12 19:15:29 | | 2022-12-12T18:47:11 | CVE Modified Date | updated |
| 2022-12-12 19:15:29 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
| 2022-12-12 19:15:30 | | CWE-532 | Weakness Enumeration | updated |
| 2022-12-12 19:15:31 | | | CPE Information | updated |