Traefik Missing Authentication
High severity
GitHub Reviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Oct 5, 2023
Package
Affected versions
>= 1.6.0, < 1.6.6
Patched versions
1.6.6
Description
Published by the National Vulnerability Database
Aug 21, 2018
Published to the GitHub Advisory Database
May 13, 2022
Reviewed
Jul 19, 2023
Last updated
Oct 5, 2023
Containous Traefik 1.6.x before 1.6.6, when
--api
is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.References