CVE-2020-9321: Improper Certificate Validation in Containous Traefik V2

Severity
7.5 HIGH (NVD)
EPSS
0.2%
top 63.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 16
Latest update: Aug 21

Description

configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 4 packages

Patches

Vulnerability Details (4)

OSV: Improper Certificate Handling in github.com/containous/traefik (2024-08-21)
OSV: Traefik has an Improper Certificate Handling issue (2021-09-02)
GHSA: Traefik has an Improper Certificate Handling issue (2021-09-02)
CVEList: CVE-2020-9321: configurationwatcher (2020-03-16)