THREAT OPS › Threat News › [GHSA] GHSA-g936-7jqj-mwv8 (critical) — TSDProxy: Internal proxy auth token forwarded to backend services enables management API escalation
[GHSA] GHSA-g936-7jqj-mwv8 (critical) — TSDProxy: Internal proxy auth token forwarded to backend services enables management API escalation
GHSA-g936-7jqj-mwv8 Severity: critical CVE: None
TSDProxy: Internal proxy auth token forwarded to backend services enables management API escalation
## Description
A vulnerability was discovered in TSDProxy where it forwards its internal per-process authentication token to all proxied backend services. When `identityHeaders` is enabled (the default), tsdproxy injects `x-tsdproxy-auth-token` int
MITRE ATT&CK techniques
Indicators of compromise
- http://127.0.0.1:8080/api/v1/proxiesurl
- https://sechub.devurl
Original source: https://github.com/advisories/GHSA-g936-7jqj-mwv8