CVE-2019-20894
https://notcve.org/view.php?id=CVE-2019-20894
Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred. Traefik versiones 2.x, en determinadas configuraciones, permite a unas sesiones HTTPS continuar sin verificación mutua de TLS en una situación donde ERR_BAD_SSL_CLIENT_AUTH_CERT debería haber ocurrido • https://github.com/containous/traefik/issues/5312 • CWE-295: Improper Certificate Validation •
CVE-2020-9321
https://notcve.org/view.php?id=CVE-2020-9321
configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging. configurationwatcher.go en Traefik versiones 2.x anteriores a 2.1.4 y TraefikEE versión 2.0.0, maneja inapropiadamente la depuración del contenido del certificado de proveedores antes de iniciar sesión. • https://github.com/containous/traefik/pull/6281 https://github.com/containous/traefik/releases/tag/v2.1.4 • CWE-295: Improper Certificate Validation •