CVE-2019-20894
First published: Thu Jul 02 2020(Updated: )
Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Traefik Traefik | >=2.0.0<2.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-20894?
The severity of CVE-2019-20894 is rated as high with a score of 7.5.
How does Traefik 2.x in certain configurations allow HTTPS sessions to proceed without mutual TLS verification?
Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.
Is Microsoft Visual Studio 2022 affected by CVE-2019-20894?
Yes, Microsoft Visual Studio 2022 is affected by CVE-2019-20894.
Is there a fix available for CVE-2019-20894?
Yes, a fix is available for CVE-2019-20894. Refer to the provided reference for more information.
What is the CWE code for CVE-2019-20894?
The CWE code for CVE-2019-20894 is 295.
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/traefik
- canonical/traefik traefik
- version/traefik traefik/2.0.0