CVE-2022-23469

Name
CVE-2022-23469
Description
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in which Traefik displays the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a user's logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to `INFO`, `WARN`, or `ERROR`.
NVD Severity
medium

References

| Type | URI |
|------|-----|
| MISC | https://github.com/traefik/traefik/pull/9574 |
| MISC | https://github.com/traefik/traefik/releases/tag/v2.9.6 |
| MISC | https://github.com/traefik/traefik/security/advisories/GHSA-h2ph-vhm7-g4hp |

Match rules

| CPE URI | Source package | Min version | Max version |
|---------|----------------|-------------|-------------|
| cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* | traefik | >= None | < 2.9.6 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|----------------|--------|---------|------------|--------|
| traefik | 3.17-community | 2.9.4-r2 | Francesco Colista <fcolista@alpinelinux.org> | possibly vulnerable |