Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Traefik Vulnerable to BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField
Vulnerability Description
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.42, 3.6.11, and 3.7.0-ea.3, when `headerField` is configured with a non-canonical HTTP header name (e.g., `x-auth-user` instead of `X-Auth-User`), an authenticated attacker can inject their own canonical version of that header to impersonate any identity to the backend. The backend receives two header entries — the attacker-injected canonical one is read first, overriding Traefik's non-canonical write. Versions 2.11.42, 3.6.11, and 3.7.0-ea.3 patch the issue.
CVSS Information
N/A
Vulnerability Type
使用欺骗进行的认证绕过
Vulnerability Title
Traefik 安全漏洞
Vulnerability Description
Traefik是Traefik开源的一款反向代理与负载均衡工具。 Traefik 2.11.42之前版本、3.6.11之前版本和3.7.0-ea.3之前版本存在安全漏洞,该漏洞源于配置非规范HTTP标头名称时,可能导致经过身份验证的攻击者注入标头并冒充身份。
CVSS Information
N/A
Vulnerability Type
N/A