CVE-2018-15598 - Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if a

CVE-2018-15598

Summary

Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.

References

https://github.com/containous/traefik/pull/3790
https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1
https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b
https://github.com/containous/traefik/releases/tag/v1.6.6

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

nessus via4

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_FE818607B5FF11E8856B485B3931C969.NASL
description	MITRE reports : Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.
last seen	2018-09-14
modified	2018-09-12
plugin id	117445
published	2018-09-12
reporter	Tenable
source	https://www.tenable.com/plugins/index.php?view=single&id=117445
title	FreeBSD : Containous Traefik -- exposes the configuration and secret (fe818607-b5ff-11e8-856b-485b3931c969)

refmap via4

misc

https://github.com/containous/traefik/pull/3790
https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1
https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b
https://github.com/containous/traefik/releases/tag/v1.6.6

Last major update

20-08-2018 - 21:29

Published

20-08-2018 - 21:29

Last modified

20-08-2018 - 21:29