{"id":"CVE-2018-15598","details":"Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.","aliases":["GHSA-2cjc-rgmp-x649","GO-2023-1950"],"modified":"2026-04-10T04:06:20.576628Z","published":"2018-08-21T01:29:00.227Z","references":[{"type":"ADVISORY","url":"https://github.com/containous/traefik/pull/3790"},{"type":"ADVISORY","url":"https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1"},{"type":"ADVISORY","url":"https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b"},{"type":"ADVISORY","url":"https://github.com/containous/traefik/releases/tag/v1.6.6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/traefik/traefik","events":[{"introduced":"c210ab31d90e741dbe7dea48f76dabed0bbf44f0"},{"fixed":"feeb7f81a611eb58685ffd28478add6d179b091f"}],"database_specific":{"versions":[{"introduced":"1.6.0"},{"fixed":"1.6.6"}]}}],"versions":["v1.6.0","v1.6.1","v1.6.2","v1.6.3","v1.6.4","v1.6.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15598.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}