CVE-2019-12452

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-12452

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12452.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-12452

Aliases

Withdrawn

2024-05-08T06:51:13.585840Z

Published

2019-05-29T19:29:00Z

Modified

2024-08-20T20:59:11.949699Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API documentation), allows remote authenticated users to discover password hashes by reading the Basic HTTP Authentication or Digest HTTP Authentication section, or discover a key by reading the ClientTLS section. These can be found in the JSON response to a /api request.

References

Affected packages

Git / github.com/traefik/traefik

Affected ranges

Type: GIT
Repo: https://github.com/traefik/traefik
Events: Introduced

d4311f9cf55f8b49974158fd01ac5ad6006b906b

Affected versions

v1.*

v1.7.0

v1.7.1

v1.7.10

v1.7.11

v1.7.12

v1.7.13

v1.7.14

v1.7.15

v1.7.16

v1.7.17

v1.7.18

v1.7.19

v1.7.2

v1.7.20

v1.7.21

v1.7.22

v1.7.23

v1.7.24

v1.7.25

v1.7.26

v1.7.27

v1.7.28

v1.7.29

v1.7.3

v1.7.30

v1.7.31

v1.7.32

v1.7.33

v1.7.34

v1.7.4

v1.7.5

v1.7.6

v1.7.7

v1.7.8

v1.7.9

v2.*

v2.0.0

v2.0.0-alpha1

v2.0.0-alpha2

v2.0.0-alpha3

v2.0.0-alpha4

v2.0.0-alpha5

v2.0.0-alpha6

v2.0.0-alpha7

v2.0.0-alpha8

v2.0.0-beta1

v2.0.0-rc1

v2.0.0-rc2

v2.0.0-rc3

v2.0.0-rc4

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.1.0

v2.1.0-rc1

v2.1.0-rc2

v2.1.0-rc3

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.1.7

v2.1.8

v2.1.9

v2.10.0

v2.10.0-rc1

v2.10.0-rc2

v2.10.1

v2.10.2

v2.10.3

v2.10.4

v2.10.5

v2.10.6

v2.2.0

v2.2.0-rc1

v2.2.0-rc2

v2.2.0-rc3

v2.2.0-rc4

v2.2.1

v2.2.10

v2.2.11

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2.6

v2.2.7

v2.2.8

v2.3.0

v2.3.0-rc1

v2.3.0-rc2

v2.3.0-rc3

v2.3.0-rc4

v2.3.0-rc5

v2.3.0-rc6

v2.3.0-rc7

v2.3.1

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.4.0

v2.4.0-rc1

v2.4.0-rc2

v2.4.1

v2.4.10

v2.4.11

v2.4.12

v2.4.13

v2.4.14

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

v2.4.9

v2.5.0

v2.5.0-rc1

v2.5.0-rc2

v2.5.0-rc3

v2.5.0-rc4

v2.5.0-rc5

v2.5.0-rc6

v2.5.1

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.6.0

v2.6.0-rc1

v2.6.0-rc2

v2.6.0-rc3

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.7.0

v2.7.0-rc1

v2.7.0-rc2

v2.7.1

v2.7.2

v2.7.3

v2.8.0

v2.8.0-rc1

v2.8.0-rc2

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.9.0-rc1

v2.9.0-rc2

v2.9.0-rc3

v2.9.0-rc4

v2.9.0-rc5

v2.9.1

v2.9.10

v2.9.2

v2.9.3

v2.9.4

v2.9.5

v2.9.6

v2.9.7

v2.9.8

v2.9.9

v3.*

v3.0.0-beta1

v3.0.0-beta2

v3.0.0-beta3

v3.0.0-beta4