SCA: security update for github.com/traefik/traefik/v2 (GHSA-h2ph-vhm7-g4hp)

medium Tenable Cloud Security Plugin ID 415408

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a
potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain
cases, if the log level is set to DEBUG, credentials provided using the Authorization header are displayed
in the debug logs. Attackers must have access to a users logging system in order for credentials to be
stolen. This issue has been addressed in version 2.9.6. Users are advised to upgrade. Users unable to
upgrade may set the log level to `INFO`, `WARN`, or `ERROR`. (CVE-2022-23469)

See Also

https://github.com/advisories/GHSA-h2ph-vhm7-g4hp

Plugin Details

Severity: Medium

ID: 415408

Version: Revision 1.7

Type: Local

Family: SCA Checks

Published: 1/23/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

Vendor

Vendor Severity: Low

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2022-23469

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/8/2022

Vulnerability Publication Date: 12/8/2022

Reference Information

CVE: CVE-2022-23469