CVE-2023-47633
Published 2023-12-04
Priority P340, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.27% (66.2th percentile)
Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | traefik_traefik_v2 | >= 0 < 2.10.6 | 2.10.6 |
| github.com | traefik_traefik_v3 | >= 0 < 3.0.0-beta5 | 3.0.0-beta5 |
| traefik | traefik | < 2.10.6 | 2.10.6 |
| traefik | traefik | <= 2.10.5 | — |
| traefik | traefik | — | — |
| traefik | traefik | — | — |
OSV
Traefik docker container using 100% CPU in github.com/traefik/traefik
osv·2024-08-21
CVE-2023-47633 Traefik docker container using 100% CPU in github.com/traefik/traefik
GHSA
Traefik docker container using 100% CPU
ghsa·2023-12-05
CVE-2023-47633 [HIGH] CWE-400 Traefik docker container using 100% CPU
### Summary
The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration.
### Details
While attempting to set up Traefik to handle traffic for Docker containers, I observed in the webUI a rule with the following information:
`Host(traefik-service) | webwebsecure | traefik-service@docker | traefik-service`
I assumed that this is something internal; however, I wondered why it would have a host rule on the web entrypoint configured.
So I have sent a request with that hostname with `curl -v --resolve "traefik-service:80:xxx.xxx.xxx.xxx" http://traefik-service`. That made my whole server unresponsive.
I assume the name come
OSV
Traefik docker container using 100% CPU
osv·2023-12-05
CVE-2023-47633 [HIGH] Traefik docker container using 100% CPU
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/traefik/traefik/releases/tag/v2.10.6
https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5
https://github.com/traefik/traefik/security/advisories/GHSA-6fwg-jrfw-ff7p
Published: 2023-12-04