CVE-2022-39271 – Traefik HTTP/2 connections management could cause a denial of service
https://notcve.org/view.php?id=CVE-2022-39271
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik's management of HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. A patch has been released in versions 2.8.8 and 2.9.0-rc5. • https://github.com/traefik/traefik/releases/tag/v2.8.8 https://github.com/traefik/traefik/releases/tag/v2.9.0-rc5 https://github.com/traefik/traefik/security/advisories/GHSA-c6hx-pjc3-7fqr • CWE-400: Uncontrolled Resource Consumption CWE-755: Improper Handling of Exceptional Conditions •
CVE-2022-23632 – Traefik skips the router TLS configuration when the host header is an FQDN
https://notcve.org/view.php?id=CVE-2022-23632
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.6.1, Traefik skips the router transport layer security (TLS) configuration when the host header is a fully qualified domain name (FQDN). For a given request, the TLS configuration selected can differ from the router selected, so the wrong TLS configuration is applied. When a request uses an FQDN handled by a router configured with a dedicated TLS configuration, the TLS configuration falls back to the default one, which may not match the configuration the router expects. If CNAME flattening is enabled, the TLS configuration is selected from the SNI while routing uses the CNAME value, so the expected TLS configuration can be skipped. • https://github.com/traefik/traefik/pull/8764 https://github.com/traefik/traefik/releases/tag/v2.6.1 https://github.com/traefik/traefik/security/advisories/GHSA-hrhx-6h34-j5hc https://www.oracle.com/security-alerts/cpujul2022.html • CWE-295: Improper Certificate Validation •
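The practical caveat behind this entry is that the hostname used to pick a router and the hostname used to pick a TLS configuration must be normalized the same way, and that a request whose Host header does not name the host the TLS handshake was negotiated for should not be routed as if it did. The following Go code is an added example, not Traefik's code or its fix: it normalizes hostnames (lowercase, no port, no trailing dot, which is the FQDN form at issue) and adds a request-level check that the Host header and the negotiated SNI (r.TLS.ServerName) agree, answering 421 Misdirected Request otherwise. The handler and hostnames are constructed for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"strings"
)

// normalizeHost brings a hostname into the single form that both the router
// match and the TLS-options lookup should compare on: lowercase, no port,
// and no trailing dot ("app.example.com." is the FQDN spelling of the same host).
func normalizeHost(h string) string {
	if host, _, err := net.SplitHostPort(h); err == nil {
		h = host
	}
	return strings.ToLower(strings.TrimSuffix(h, "."))
}

// requireSNIMatch refuses to route a request whose Host header, once
// normalized, differs from the host the TLS handshake was negotiated for.
// A mismatch means the per-router TLS options (client auth, minimum version,
// ...) chosen from the SNI may not be the ones this router was configured
// with, so the request is answered with 421 instead of being proxied.
func requireSNIMatch(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS == nil || normalizeHost(r.TLS.ServerName) != normalizeHost(r.Host) {
			http.Error(w, "Host header does not match negotiated SNI", http.StatusMisdirectedRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// routeStatus simulates a request carrying the given Host header over a TLS
// connection negotiated for sni (empty sni = plaintext) and returns the
// status code the guarded handler produces. Inputs are constructed.
func routeStatus(hostHeader, sni string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.Host = hostHeader
	req.TLS = nil
	if sni != "" {
		req.TLS = &tls.ConnectionState{ServerName: sni}
	}
	rec := httptest.NewRecorder()
	requireSNIMatch(ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	cases := []struct{ host, sni string }{
		{"app.example.com.", "app.example.com"},   // FQDN form: same host, must pass
		{"APP.EXAMPLE.COM:443", "app.example.com"}, // case and port differences are not a mismatch
		{"other.example.com.", "app.example.com"},  // routed host differs from TLS host
		{"app.example.com", ""},                    // no TLS negotiated at all
	}
	for _, c := range cases {
		fmt.Printf("Host=%-22q SNI=%-18q -> %d\n", c.host, c.sni, routeStatus(c.host, c.sni))
	}
}
```

The same normalizeHost function should be applied on both sides of the lookup (whatever keys the TLS-options table and whatever the Host rule matches on); the request-time check is the safety net for configurations where that is not guaranteed.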
CVE-2021-32813 – Drop Headers via Malicious Connection Header
https://notcve.org/view.php?id=CVE-2021-32813
Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it would require that removing a header leads to a privilege escalation; the Traefik team has nevertheless addressed it to prevent any potential abuse. If a chain of Traefik middlewares includes one that sets a request header, a client that names that header in the Connection header of its request causes it to be removed (as a hop-by-hop header) before the request is forwarded, so the backend never sees the header the middleware set. • https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9 https://github.com/traefik/traefik/releases/tag/v2.4.13 https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg • CWE-913: Improper Control of Dynamically-Managed Code Resources •
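The mechanism is worth seeing end to end, because it is generic to any proxy that honours RFC 7230 section 6.1 (headers listed in Connection are hop-by-hop and are stripped before forwarding). The Go program below is an added example, not Traefik's code or its patch: Go's httputil.ReverseProxy stands in for the forwarder, a hypothetical middleware adds an X-Auth-User header, and the client sends `Connection: X-Auth-User`. The fake transport records what the upstream would have received, so nothing touches the network. The hardened variant strips the Connection tokens before any middleware runs, which is the shape of the mitigation (the exact project change is in the linked commit).

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/http/httputil"
	"net/url"
	"strings"
)

// roundTripFunc lets a plain function act as the proxy's upstream transport,
// so the example never opens a socket; it only records what would be sent.
type roundTripFunc func(*http.Request) (*http.Response, error)

func (f roundTripFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }

// injectUser stands in for a Traefik middleware that adds a request header the
// backend relies on (X-Auth-User is a hypothetical identity header).
func injectUser(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		r.Header.Set("X-Auth-User", "alice")
		next.ServeHTTP(w, r)
	})
}

// stripConnectionTokens is the hardening: drop every header the client listed
// in Connection, and Connection itself, BEFORE any middleware runs, so a client
// cannot mark a middleware-added header as hop-by-hop.
func stripConnectionTokens(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		for _, v := range r.Header.Values("Connection") {
			for _, tok := range strings.Split(v, ",") {
				if tok = strings.TrimSpace(tok); tok != "" {
					r.Header.Del(tok)
				}
			}
		}
		r.Header.Del("Connection")
		next.ServeHTTP(w, r)
	})
}

// forwardedAuthHeader pushes one constructed request through middleware and
// reverse proxy and returns the X-Auth-User value the upstream would receive.
func forwardedAuthHeader(hardened bool) string {
	var seen string
	// Hypothetical upstream; the fake transport means it is never contacted.
	rp := httputil.NewSingleHostReverseProxy(&url.URL{Scheme: "http", Host: "backend.internal"})
	rp.Transport = roundTripFunc(func(out *http.Request) (*http.Response, error) {
		seen = out.Header.Get("X-Auth-User")
		return &http.Response{StatusCode: http.StatusNoContent, Header: http.Header{},
			Body: http.NoBody, Request: out}, nil
	})

	var chain http.Handler = injectUser(rp)
	if hardened {
		chain = stripConnectionTokens(chain)
	}

	req := httptest.NewRequest(http.MethodGet, "http://proxy.example/api/me", nil)
	// Attacker-controlled: names the header the middleware is about to add.
	// ReverseProxy removes headers listed in Connection (RFC 7230 section 6.1).
	req.Header.Set("Connection", "X-Auth-User")
	chain.ServeHTTP(httptest.NewRecorder(), req)
	return seen
}

func main() {
	fmt.Printf("vulnerable chain: upstream saw X-Auth-User=%q\n", forwardedAuthHeader(false))
	fmt.Printf("hardened chain:   upstream saw X-Auth-User=%q\n", forwardedAuthHeader(true))
}
```

The point to check in your own deployment is ordering: the strip must happen before the first middleware that writes a header, not inside the forwarder, because by the time the forwarder applies the hop-by-hop rule the attacker's Connection value and the middleware's header coexist in the same request.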
CVE-2020-15129 – Open redirect in Traefik
https://notcve.org/view.php?id=CVE-2020-15129
In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component does not validate that the value of the "X-Forwarded-Prefix" header is a site-relative path and redirects to whatever URI the header supplies. Successful exploitation of an open redirect can be used to entice victims to disclose sensitive information. Active exploitation of this issue is unlikely, as it would require active header injection; however, the Traefik team addressed this issue nonetheless to prevent abuse in, for example, cache poisoning scenarios. • https://github.com/containous/traefik/commit/e63db782c11c7b8bfce30be4c902e7ef8f9f33d2 https://github.com/containous/traefik/pull/7109 https://github.com/containous/traefik/releases/tag/v1.7.26 https://github.com/containous/traefik/releases/tag/v2.2.8 https://github.com/containous/traefik/releases/tag/v2.3.0-rc3 https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
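What "site-relative path" has to mean in practice is narrower than "starts with a slash": a value such as `//evil.example` also starts with a slash, and Go's http.Redirect emits it unchanged as a scheme-relative Location, which browsers follow off-site. The Go code below is an added example, not Traefik's dashboard code or its fix: a trusting handler that concatenates the header the way the description implies, beside a validating one whose safePrefix accepts only a plain, unencoded, on-site path. The prefix values are constructed inputs; the Location header each variant emits is what the example measures.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// safePrefix accepts an X-Forwarded-Prefix value only when it is a plain
// site-relative path and returns "" otherwise, so the redirect stays on-site.
func safePrefix(prefix string) string {
	// "//host" is scheme-relative, and browsers treat "\" like "/" in paths.
	if !strings.HasPrefix(prefix, "/") || strings.HasPrefix(prefix, "//") ||
		strings.Contains(prefix, "\\") {
		return ""
	}
	u, err := url.Parse(prefix)
	// u.Path != prefix rejects percent-encoded, query and fragment forms, which
	// keeps the accepted value identical to the path that will be emitted.
	if err != nil || u.Scheme != "" || u.Host != "" || u.Opaque != "" || u.Path != prefix {
		return ""
	}
	return strings.TrimSuffix(prefix, "/")
}

// dashboardRedirect builds the redirecting handler. With validate=false it
// trusts the header outright (illustrating the pre-fix behaviour); with
// validate=true it runs the value through safePrefix first.
func dashboardRedirect(validate bool) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		prefix := r.Header.Get("X-Forwarded-Prefix")
		if validate {
			prefix = safePrefix(prefix)
		} else {
			prefix = strings.TrimSuffix(prefix, "/")
		}
		http.Redirect(w, r, prefix+"/dashboard/", http.StatusFound)
	})
}

// redirectLocation returns the Location header produced for one
// X-Forwarded-Prefix value, using an in-memory response recorder.
func redirectLocation(prefixHeader string, validate bool) string {
	req := httptest.NewRequest(http.MethodGet, "/", nil)
	req.Header.Set("X-Forwarded-Prefix", prefixHeader)
	rec := httptest.NewRecorder()
	dashboardRedirect(validate).ServeHTTP(rec, req)
	return rec.Header().Get("Location")
}

func main() {
	// Constructed inputs: a legitimate prefix, two off-site forms, an encoded slash.
	for _, p := range []string{"/traefik", "//evil.example", "https://evil.example", "/a%2Fb"} {
		fmt.Printf("%-22q trusted -> %-32q validated -> %q\n",
			p, redirectLocation(p, false), redirectLocation(p, true))
	}
}
```

Rejecting rather than sanitizing is deliberate: a prefix that fails the checks falls back to "", so the redirect still works for the dashboard while a cached poisoned response can only ever point at the site itself.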
CVE-2019-20894
https://notcve.org/view.php?id=CVE-2019-20894
Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred. • https://github.com/containous/traefik/issues/5312 • CWE-295: Improper Certificate Validation •