CVE-2024-52003

low-risk

Published 2024-11-29

Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Do I need to act?

0.18% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.1/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Traefik

Affected Vendors

Traefik

References (4)

Patch https://github.com/traefik/traefik/pull/11253

Release Notes https://github.com/traefik/traefik/releases/tag/v2.11.14

Release Notes https://github.com/traefik/traefik/releases/tag/v3.2.1

Patch https://github.com/traefik/traefik/security/advisories/GHSA-h924-8g65-j9wg

/ 100

low-risk

Severity 23/34 · High

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal