Skip to main content

Traefik CVE-2022-23469

MEDIUM
Information Exposure (CWE-200)
2022-12-08 security-advisories@github.com
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 08, 2022 - 22:15 nvd
MEDIUM 6.5

DescriptionNVD

Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a users logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to INFO, WARN, or ERROR.

AnalysisAI

Traefik is an open source HTTP reverse proxy and load balancer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed in the debug logs. Attackers must have access to a users logging system in order for credentials to be stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to upgrade may set the log level to INFO, WARN, or ERROR. Affected products include: Traefik. Version information: prior to 2.9.6.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2023-47633 HIGH POC
7.5 Dec 04

Traefik is an open source HTTP reverse proxy and load balancer. Rated high severity (CVSS 7.5), this vulnerability is re

CVE-2019-12452 HIGH POC
7.5 May 29

types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable

CVE-2023-47106 MEDIUM POC
6.5 Dec 04

Traefik is an open source HTTP reverse proxy and load balancer. Rated medium severity (CVSS 6.5), this vulnerability is

CVE-2025-32431 HIGH
8.8 Apr 21

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 8.8), this vulnerabil

CVE-2023-54365 HIGH
8.7 Jun 23

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inheri

CVE-2020-15129 MEDIUM POC
4.7 Jul 30

In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik

CVE-2021-32813 HIGH
8.1 Aug 03

Traefik is an HTTP reverse proxy and load balancer. Rated high severity (CVSS 8.1), this vulnerability is remotely explo

CVE-2026-54763 HIGH
7.8 Jul 06

Identity/authorization header spoofing in Traefik reverse proxy (before v2.11.51, v3.6.22, and v3.7.6) lets an attacker

CVE-2026-32305 HIGH
7.8 Mar 20

Traefik reverse proxy and load balancer contains an mTLS authentication bypass vulnerability that allows attackers to ci

CVE-2026-26999 HIGH
7.5 Mar 05

Traefik versions before 2.11.38 and 3.6.9 allow remote attackers to cause denial of service by sending incomplete TLS re

CVE-2026-25949 HIGH
7.5 Feb 12

Denial of service in Traefik versions prior to 3.6.8 allows unauthenticated remote attackers to exhaust connection resou

CVE-2026-29054 HIGH
7.5 Mar 05

Traefik versions 2.11.9-2.11.37 and 3.1.3-3.6.8 contain a case-sensitivity bypass in Connection header handling that all

Share

CVE-2022-23469 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy