CVE-2018-15598

Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 60%
VendorProductVersion
traefiktraefik
1.6.0 ≤
𝑥
< 1.6.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/containous/traefik/pull/3790
https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1
https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b
https://github.com/containous/traefik/releases/tag/v1.6.6
https://github.com/containous/traefik/pull/3790
https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1
https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b
https://github.com/containous/traefik/releases/tag/v1.6.6