CVE-2024-45410 – HTTP client can remove the X-Forwarded headers in Traefik
https://notcve.org/view.php?id=CVE-2024-45410
Traefik is a golang, Cloud Native Application Proxy. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise, if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated. • https://github.com/jphetphoumy/traefik-CVE-2024-45410-poc https://github.com/traefik/traefik/releases/tag/v2.11.9 https://github.com/traefik/traefik/releases/tag/v3.1.3 https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv • CWE-345: Insufficient Verification of Data Authenticity CWE-348: Use of Less Trusted Source •
CVE-2024-39321 – Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes
https://notcve.org/view.php?id=CVE-2024-39321
Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available. Traefik es un proxy inverso HTTP y un equilibrador de carga. • https://github.com/traefik/traefik/releases/tag/v2.11.6 https://github.com/traefik/traefik/releases/tag/v3.0.4 https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3 https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9 • CWE-639: Authorization Bypass Through User-Controlled Key •