CVE-2020-9321
published 2020-03-16
CVE-2020-9321: configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.
Priority P4 · 33 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 0.72% (49.3th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | containous_traefik_v2 | >= 0 < 2.1.4 | 2.1.4 |
| github.com | traefik_traefik | >= 0 < 2.1.4 | 2.1.4 |
| traefik | traefik | 2.0.0 – 2.1.4 | — |
| traefik | traefik_enterprise | — | — |
CVSS provenance
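| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |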
OSV
Improper Certificate Handling in github.com/containous/traefik
osv·2024-08-21
CVE-2020-9321 Improper Certificate Handling in github.com/containous/traefik
OSV
Traefik has an Improper Certificate Handling issue
osv·2021-09-02
CVE-2020-9321 [MEDIUM] Traefik has an Improper Certificate Handling issue
GHSA
Traefik has an Improper Certificate Handling issue
ghsa·2021-09-02
CVE-2020-9321 [MEDIUM] CWE-200 Traefik has an Improper Certificate Handling issue
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2020-03-16