How severe is CVE-2020-15129?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2020-15129?

This is classified as CWE-601, which is a common weakness in software security.

CVE-2020-15129

MEDIUM Year: 2020

CVSS v3 Score

4.7

Medium

CVSS v2 Score

4.0

Medium

Weakness Type

CWE-601

View all →

Vulnerability Description

In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded-Prefix" is a site relative path and will redirect to any header provided URI. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.

CVE-2012-0518

MEDIUM

CVSS:4.7(Medium)

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Re...

CWE-6012012

CVE-2017-6932

MEDIUM

CVSS:4.7(Medium)

Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. Th...

CWE-6012017

CVE-2019-15974

MEDIUM

CVSS:4.7(Medium)

A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to...

CWE-6012019

CVE-2019-8995

MEDIUM

CVSS:4.7(Medium)

The workspace client, openspace client, and app development client of TIBCO Software Inc.'s TIBCO ActiveMatrix BPM, TIBCO ActiveMatrix BPM Distribution for TIBCO Silver Fabric, and TIBCO Silver Fabric...

CWE-6012019

CVE-2020-3337

MEDIUM

CVSS:4.7(Medium)

A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation o...

CWE-6012020

CVE-2020-6365

MEDIUM

CVSS:4.7(Medium)

SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, Start Page allows an unauthenticated remote attacker to redirect users to a malicious site due to insufficient reverse tabna...

CWE-6012020

CVE-2020-15129

Vulnerability Description

Related Vulnerabilities

CVE-2012-0518

CVE-2017-6932

CVE-2019-15974

CVE-2019-8995

CVE-2020-3337

CVE-2020-6365