漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Traefik: ForwardAuth trustForwardHeader=false allows spoofed X-Forwarded-Prefix to bypass auth
Vulnerability Description
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is an authentication bypass vulnerability in Traefik's ForwardAuth middleware when trustForwardHeader=false is configured and Traefik is deployed behind a trusted upstream proxy. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2.
CVSS Information
N/A
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
Traefik 数据伪造问题漏洞
Vulnerability Description
Traefik是Traefik开源的一款反向代理与负载均衡工具。 Traefik 2.11.43之前版本、3.6.14之前版本和3.7.0-rc.2之前版本存在数据伪造问题漏洞,该漏洞源于ForwardAuth中间件在配置trustForwardHeader=false且部署在受信任上游代理后存在认证绕过漏洞。
CVSS Information
N/A
Vulnerability Type
N/A