Latest Traefik Vulnerabilities

Uncontrolled Resource Consumption in Traefik
go/github.com/traefik/traefik/v3<3.0.0-beta5
go/github.com/traefik/traefik/v2<2.10.6
Traefik Traefik<=2.10.5
Traefik Traefik=3.0.0-beta1
Traefik Traefik=3.0.0-beta2
Traefik Traefik=3.0.0-beta3
and 1 more
Incorrect processing of fragment in the URL leads to Authorization Bypass in Traefik
go/github.com/traefik/traefik/v3<3.0.0-beta5
go/github.com/traefik/traefik/v2<2.10.6
Traefik Traefik<=2.10.5
Traefik Traefik=3.0.0-beta1
Traefik Traefik=3.0.0-beta2
Traefik Traefik=3.0.0-beta3
and 1 more
Denial of service with ACME HTTPChallenge in Traefik
go/github.com/traefik/traefik/v3<3.0.0-beta5
go/github.com/traefik/traefik/v2<2.10.6
Traefik Traefik<=2.10.5
Traefik Traefik=3.0.0-beta1
Traefik Traefik=3.0.0-beta2
Traefik Traefik=3.0.0-beta3
and 1 more
- Rapid Reset HTTP/2 vulnerability
Microsoft Windows 11=21H2
Microsoft Windows Server 2022
Microsoft Windows 11=22H2
and 556 more
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP hea...
Traefik Traefik<2.9.10
Traefik Traefik=2.10.0-rc1
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatt...
Traefik Traefik<2.9.6
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In ce...
Traefik Traefik<2.9.6
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A clos...
Traefik Traefik<2.8.8
Traefik Traefik=2.9.0-rc1
Traefik Traefik=2.9.0-rc2
Traefik Traefik=2.9.0-rc3
Traefik Traefik=2.9.0-rc4
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name ...
Traefik Traefik<2.6.1
Oracle Communications Unified Inventory Management=7.5.0
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this i...
Traefik Traefik<2.4.13
In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard compon...
Traefik Traefik<1.7.26
Traefik Traefik>=2.2.0<2.2.8
Traefik Traefik=2.3.0
Traefik Traefik=2.3.0-rc1
Traefik Traefik=2.3.0-rc2
Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.
Traefik Traefik>=2.0.0<2.0.1
configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.
Traefik Traefik>=2.0.0<=2.1.4
Traefik Traefik=2.0.0
types/types.go in Containous Traefik 1.7.x through 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API doc...
go/github.com/traefik/traefik>=1.7.0<=1.7.11
Traefik Traefik>=1.7.0<=1.7.11
Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.
go/github.com/traefik/traefik>=1.6.0<1.6.6
Traefik Traefik>=1.6.0<1.6.6

© 2024 SecAlerts Pty Ltd.