CVE-2020-9321
First published: Mon Mar 16 2020(Updated: )
configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Traefik Traefik | >=2.0.0<=2.1.4 | |
| Traefik Traefik | =2.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this Traefik issue?
The vulnerability ID is CVE-2020-9321.
What is the severity rating of CVE-2020-9321?
The severity rating of CVE-2020-9321 is high (7.5).
Which versions of Traefik are affected by CVE-2020-9321?
Traefik versions 2.x before 2.1.4 and TraefikEE 2.0.0 are affected by CVE-2020-9321.
How does CVE-2020-9321 impact the affected software?
CVE-2020-9321 mishandles the purging of certificate contents from providers before logging in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0.
How can I fix CVE-2020-9321?
To fix CVE-2020-9321, update Traefik to version 2.1.4 or newer. The fix can be found in the Traefik release v2.1.4.
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- agent/author
- agent/remedy
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/traefik
- canonical/traefik traefik
- version/traefik traefik/2.0.0
- version/traefik traefik/2.1.4