CVE-2024-39321
Published: 2024-07-05
Priority: P344 · high · 7.5 (CVSS 3.1)
CVSS vector: AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:N
EPSS: 0.59% (43.9th percentile)
Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available.
Affected (8 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | traefik_traefik_v2 | >= 0 < 2.11.6 | 2.11.6 |
| github.com | traefik_traefik_v3 | >= 3.0.0-beta3 < 3.0.4 | 3.0.4 |
| github.com | traefik_traefik_v3 | >= 3.1.0-rc1 < 3.1.0-rc3 | 3.1.0-rc3 |
| traefik | traefik | < 2.11.6 | 2.11.6 |
| traefik | traefik | — | — |
| traefik | traefik | — | — |
| traefik | traefik | — | — |
| traefik | traefik | >= 3.0.0 < 3.0.4 | 3.0.4 |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| vendor_redhat | — | 7.5 | HIGH | — |
OSV
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes in github.com/traefik/traefik
osv · 2024-07-09 · CVE-2024-39321
OSV
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
osv · 2024-07-05 · CVE-2024-39321 · HIGH
### Impact
There is a vulnerability in Traefik that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses.
### Patches
- https://github.com/traefik/traefik/releases/tag/v2.11.6
- https://github.com/traefik/traefik/releases/tag/v3.0.4
- https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3
### Workarounds
No workaround.
### For more information
If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).
Original Description
### Summary
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses.
GHSA
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
ghsa · 2024-07-05 · CVE-2024-39321 · HIGH · CWE-639
Red Hat
traefik: Bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes
vendor_redhat · 2024-07-04 · CVE-2024-39321 · HIGH · CWE-639 · CVSS 7.5
An authorization bypass vulnerability was found in Traefik. This flaw allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses.
Statement: The vulnerability in Traefik that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes, while notable, is categorized as
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://github.com/traefik/traefik/releases/tag/v2.11.6
- https://github.com/traefik/traefik/releases/tag/v3.0.4
- https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3
- https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9

Published: 2024-07-05