github.com/traefik/traefik/v2 vulnerabilities

37 known vulnerabilities affecting the Go module github.com/traefik/traefik/v2 (Traefik v2).

Total CVEs: 37
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 15, MEDIUM 16, LOW 1

Vulnerabilities

Page 2 of 2 (17 entries on this page)
CVE-2024-39321 | HIGH | affected: ≥ 0, < 2.11.6 | 2024-07-05
CVE-2024-39321 [HIGH] CWE-639: Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
### Impact
There is a vulnerability in Traefik that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Early data is handed to the application before the QUIC handshake has confirmed that the peer really controls the source address it claims, so an allow-list decision taken for a 0-RTT request is taken on an unverified client IP.
### Patches
- https://github.com/traefik/traefik/releases/tag/v2.11.6
- https://github.com/traefik/traefik/rel
CVE-2024-35255 | MEDIUM | CVSS 5.5 | affected: ≥ 0, < 2.11.5 | 2024-06-20
CVE-2024-35255 [MEDIUM] CWE-362: ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability
### Impact
Traefik's ACME DNS challenge support depends on the Azure Identity libraries, which are affected by the [Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2024-35255).
### References
- [CVE-2024-35255](https://nvd.nist.gov/vuln/detail/CVE-2024-35255)
### Patches
- https://github.com/traefik/trae
CVE-2024-24790 | CRITICAL | CVSS 9.8 | affected: ≥ 0, < 2.11.4 | 2024-06-11
CVE-2024-24790 [CRITICAL] CWE-180: Traefik has unexpected behavior with IPv4-mapped IPv6 addresses
### Impact
There is a vulnerability in [Go managing the various Is methods (IsPrivate, IsLoopback, etc.) for IPv4-mapped IPv6 addresses](https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ): they returned false for an address such as ::ffff:127.0.0.1 whose traditional IPv4 form (127.0.0.1) returns true. A check that treats loopback or private clients specially therefore gives different answers for the two spellings of the same client unless it unmaps the address before classifying it.
### Referen
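As an added illustration of why CWE-180 (validate before canonicalize) applies here, and not code from Traefik or from the Go project, the block below runs the same loopback/private/allow-list checks on an address as received and on the same address after netip.Addr.Unmap. The allow-list CIDRs and the sample client addresses are constructed for the demo. Note that netip.Prefix.Contains is documented never to match an IPv4-mapped address against an IPv4 prefix in any Go version, so that half of the mismatch reproduces on a patched toolchain too; only the IsLoopback/IsPrivate results differ between affected and fixed Go releases.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Verdict is what an allow-list or "trusted network" check concludes about
// one client address.
type Verdict struct {
	Loopback bool // addr.IsLoopback()
	Private  bool // addr.IsPrivate()
	Allowed  bool // matched one of the allow-list prefixes
}

// classify runs the three checks on an address exactly as handed to it.
func classify(addr netip.Addr, allow []netip.Prefix) Verdict {
	v := Verdict{Loopback: addr.IsLoopback(), Private: addr.IsPrivate()}
	for _, p := range allow {
		// A 4-in-6 address is 128 bits wide to netip, so it never matches a
		// 32-bit IPv4 prefix, whatever the Go version.
		if p.Contains(addr) {
			v.Allowed = true
			break
		}
	}
	return v
}

// naiveVerdict validates before canonicalising (the CWE-180 pattern):
// ::ffff:a.b.c.d cannot match an IPv4 prefix, and on the Go releases covered
// by CVE-2024-24790 IsLoopback/IsPrivate answered false for it as well.
func naiveVerdict(raw string, allow []netip.Prefix) (Verdict, error) {
	addr, err := netip.ParseAddr(raw)
	if err != nil {
		return Verdict{}, err
	}
	return classify(addr, allow), nil
}

// safeVerdict canonicalises first. Unmap turns ::ffff:a.b.c.d into a.b.c.d
// and leaves every other address unchanged, so both spellings of one client
// get the same answer regardless of the Go version the binary was built with.
func safeVerdict(raw string, allow []netip.Prefix) (Verdict, error) {
	addr, err := netip.ParseAddr(raw)
	if err != nil {
		return Verdict{}, err
	}
	return classify(addr.Unmap(), allow), nil
}

// mustPrefixes parses allow-list CIDRs; a typo panics at start-up instead of
// silently producing an allow-list that matches nothing.
func mustPrefixes(cidrs ...string) []netip.Prefix {
	out := make([]netip.Prefix, 0, len(cidrs))
	for _, c := range cidrs {
		out = append(out, netip.MustParsePrefix(c))
	}
	return out
}

func main() {
	allow := mustPrefixes("10.0.0.0/8", "192.0.2.0/24") // constructed allow-list
	samples := []string{"10.1.2.3", "::ffff:10.1.2.3", "::ffff:127.0.0.1", "2001:db8::1"}
	for _, raw := range samples {
		n, _ := naiveVerdict(raw, allow)
		s, _ := safeVerdict(raw, allow)
		fmt.Printf("%-18s naive=%+v  safe=%+v\n", raw, n, s)
	}
}
```

The practical rule the block encodes: parse, Unmap, then classify, and do it once at the entry point so every downstream check (allow-list, trusted-proxy list, loopback shortcuts) sees the canonical form.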
CVE-2024-24788 | MEDIUM | CVSS 5.9 | affected: ≥ 0, < 2.11.3 | 2024-05-23
CVE-2024-24788 [MEDIUM] CWE-1395: Traefik vulnerable to Go issue allowing malformed DNS message to cause infinite loop
### Impact
There is a vulnerability in [Go managing malformed DNS messages](https://groups.google.com/g/golang-announce/c/wkkO4P9stm0), which impacts Traefik. This vulnerability could be exploited to cause a denial of service.
### References
- [CVE-2024-24788](https://www.cve.org/CVERecord?id=
CVE-2023-45288 | HIGH | CVSS 7.5 | affected: ≥ 0, < 2.11.2 | 2024-04-15
CVE-2023-45288 [HIGH] Traefik affected by HTTP/2 CONTINUATION flood in net/http
There is a potential vulnerability in Traefik managing HTTP/2 connections. More details are in the [CVE-2023-45288](https://www.cve.org/CVERecord?id=CVE-2023-45288) record.
## Patches
- https://github.com/traefik/traefik/releases/tag/v2.11.2
- https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5
## Workarounds
No workaround
## For more information
If you ha
CVE-2024-28869 | HIGH | affected: ≥ 0, < 2.11.2 | 2024-04-12
CVE-2024-28869 [HIGH] CWE-404: Traefik vulnerable to denial of service with Content-length header
There is a potential vulnerability in Traefik managing requests that carry a `Content-length` header but no body. Sending a `GET` request to any Traefik endpoint with a `Content-length` request header and no body results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service.
CVE-2023-47633 | HIGH | affected: ≥ 0, < 2.10.6 | 2023-12-05
CVE-2023-47633 [HIGH] CWE-400: Traefik docker container using 100% CPU
### Summary
The Traefik Docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration.
### Details
While attempting to set up Traefik to handle traffic for Docker containers, I observed in the webUI a rule with the following information: `Host(traefik-service) | webwebsec
CVE-2023-47124 | MEDIUM | affected: ≥ 0, < 2.10.6 | 2023-12-05
CVE-2023-47124 [MEDIUM] CWE-400: Traefik vulnerable to potential DDoS via ACME HTTPChallenge
## Impact
There is a potential vulnerability in Traefik managing the ACME HTTP challenge. When Traefik is configured to use the [HTTPChallenge](https://doc.traefik.io/traefik/https/acme/#httpchallenge) to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attacker
CVE-2023-47106 | MEDIUM | affected: ≥ 0, < 2.10.6 | 2023-12-05
CVE-2023-47106 [MEDIUM] CWE-177: Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass
### Summary
When a request is sent to Traefik with a URL fragment, Traefik automatically URL-encodes the fragment and forwards it to the backend server as part of the path. This violates the HTTP specification (RFC 9112, origin-form), under which the request-target contains only the absolute path and the query, never a fragment. When this is combined with another frontend
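To make the request-target discrepancy concrete, here is an added example written for this page (not Traefik's code) using only Go's net/url, the package Traefik's HTTP server is built on. forwardedTarget shows what a proxy that rebuilds the upstream request line from the parsed URL sends on; normalizedTarget applies the origin-form rule and discards the fragment before parsing. The sample request-targets are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// forwardedTarget reproduces the behaviour the advisory describes. Go's
// url.ParseRequestURI assumes an origin-form target carries no fragment, so a
// '#' is kept inside Path; when the upstream request line is rebuilt from that
// URL the '#' is percent-encoded, and the backend receives a path that a
// fragment-aware hop in front of the proxy never evaluated.
func forwardedTarget(requestURI string) (string, error) {
	u, err := url.ParseRequestURI(requestURI)
	if err != nil {
		return "", err
	}
	return u.RequestURI(), nil
}

// normalizedTarget enforces RFC 9112 origin-form (absolute-path plus an
// optional query): everything from the first '#' on is dropped before
// parsing, so authorization and routing on every hop look at the same path.
func normalizedTarget(requestURI string) (string, error) {
	target, _, hadFragment := strings.Cut(requestURI, "#")
	if hadFragment && target == "" {
		return "", fmt.Errorf("request-target %q is only a fragment", requestURI)
	}
	u, err := url.ParseRequestURI(target)
	if err != nil {
		return "", err
	}
	return u.RequestURI(), nil
}

func main() {
	// Constructed request-targets, as they would appear on the request line.
	for _, rt := range []string{"/api/public#/admin", "/search?q=1#top", "/plain"} {
		f, ferr := forwardedTarget(rt)
		n, nerr := normalizedTarget(rt)
		fmt.Printf("%-22s forwarded=%-24v normalized=%v\n", rt, orErr(f, ferr), orErr(n, nerr))
	}
}

// orErr picks the value or the error for display.
func orErr(v string, err error) interface{} {
	if err != nil {
		return err
	}
	return v
}
```

The check worth keeping from this: whatever the proxy sends upstream must be derivable from the path and query alone, so a '#' in a request line should be rejected or cut at the entry point, never re-encoded and forwarded.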
CVE-2023-29013 | HIGH | CVSS 7.5 | affected: ≥ 0, < 2.9.10 and ≥ 2.10.0-rc1, < 2.10.0-rc2 | 2023-04-11
CVE-2023-29013 [HIGH] CWE-400: Traefik HTTP header parsing could cause a denial of service
### Impact
There is a vulnerability in [Go when parsing HTTP headers](https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8/m/OV40vnafAwAJ), which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the parsed headers. This behavior could be exploited to cause a denial of service.
### Refer
CVE-2022-46153 | MEDIUM | affected: ≥ 0, < 2.9.6 | 2022-12-08
CVE-2022-46153 [MEDIUM] CWE-295: Traefik routes exposed with an empty TLSOption
## Impact
There is a potential vulnerability in Traefik managing TLS connections. A router configured with a malformed [TLSOption](https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options) is exposed with an empty TLSOption: the route is still served, but without the settings the option was supposed to enforce. For instance, a route secured with mTLS whose TLSOption points at a wrong CA file is exposed without verifying the client certificat
CVE-2022-23469 | LOW | affected: ≥ 0, < 2.9.6 | 2022-12-08
CVE-2022-23469 [LOW] CWE-200: Traefik may display authorization header in the debug logs
### Impact
There is a potential vulnerability in Traefik displaying the Authorization header in its debug logs. Traefik uses [oxy](https://github.com/vulcand/oxy) to provide the following features:
- Round Robin: https://doc.traefik.io/traefik/routing/services/#weighted-round-robin-service
- Buffering: https://doc.traefik.io/traefik/middlewares/ht
CVE-2022-39271 | HIGH | affected: ≥ 0, < 2.8.8 and ≥ 2.9.0-rc1, < 2.9.0-rc5 | 2022-10-10
CVE-2022-39271 [HIGH] CWE-400: Traefik HTTP/2 connections management could cause a denial of service
### Impact
There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service.
### Patches
Traefik v2.8.x: https://github.com/traefik/traefik/releases/tag/v2.8.8
CVE-2022-23632 | HIGH | affected: ≥ 0, < 2.6.1 | 2022-02-16
CVE-2022-23632 [HIGH] CWE-295: Skip the router TLS configuration when the host header is an FQDN
### Impact
Affects deployments that configure mTLS between Traefik and clients. For a given request, the TLS configuration selected can differ from the router selected, which means the wrong TLS configuration is applied.
- When sending a request using an FQDN handled by a router configured with a dedicated TLS configuration, the TLS configuration falls
CVE-2020-15129 | MEDIUM | PoC (the one public exploit counted above) | affected: ≥ 0, < 2.3.0-rc6 and ≥ 2.3.0-rc1, < 2.3.0-rc6 | 2022-02-11
CVE-2020-15129 [MEDIUM] CWE-601: Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
## Summary
There exists a potential open redirect vulnerability in Traefik's handling of the `X-Forwarded-Prefix` header. Active exploitation of this issue is unlikely, as it would require active header injection; however, the Traefik team addressed this issue nonetheless to prevent abuse in e.g. cache poisonin
CVE-2019-20894 | HIGH | affected: ≥ 0, < 2.2.2 | 2021-09-02
CVE-2019-20894 [HIGH] CWE-287: Improper Authentication
Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.
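The three mTLS advisories listed on this page (CVE-2022-46153, CVE-2022-23632 and CVE-2019-20894) share one failure mode: a route that should demand and verify a client certificate is served without that check. The added example below is written for this page, not taken from Traefik, and shows the fail-closed pattern in plain crypto/tls terms next to the fail-open variant the advisories describe, plus the start-up self-check a router carrying an mTLS option should run. The CA is a throwaway certificate minted inside the block and the bad bundle is a constructed file.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// mtlsConfig builds the server-side TLS config for a route that must verify
// client certificates against the given CA bundle. It fails closed: an
// unreadable or empty bundle is an error, never a config without client auth.
func mtlsConfig(caBundlePEM []byte) (*tls.Config, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caBundlePEM) {
		return nil, errors.New("client CA bundle contains no parsable certificate")
	}
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		ClientAuth: tls.RequireAndVerifyClientCert,
		ClientCAs:  pool,
	}, nil
}

// failOpenConfig is the behaviour the advisories describe, written out
// explicitly: a bad bundle degrades to a default config, and the default
// ClientAuth is NoClientCert, so the route is served to anyone.
func failOpenConfig(caBundlePEM []byte) *tls.Config {
	cfg, err := mtlsConfig(caBundlePEM)
	if err != nil {
		return &tls.Config{} // the "empty TLSOption"
	}
	return cfg
}

// verifiesClients is the self-check to run before a router with an mTLS
// option is exposed: true only if the config demands a client certificate
// and has a pool to verify it against.
func verifiesClients(cfg *tls.Config) bool {
	return cfg != nil && cfg.ClientAuth == tls.RequireAndVerifyClientCert && cfg.ClientCAs != nil
}

// selfSignedCAPEM mints a throwaway CA certificate so the demo runs offline.
func selfSignedCAPEM() ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "demo client CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	good, err := selfSignedCAPEM()
	if err != nil {
		panic(err)
	}
	// Constructed "wrong CA file": a PEM block whose body is not a certificate.
	bad := []byte("-----BEGIN CERTIFICATE-----\nnot a certificate\n-----END CERTIFICATE-----\n")

	cfg, err := mtlsConfig(good)
	fmt.Println("good bundle: verifies clients =", err == nil && verifiesClients(cfg))
	_, err = mtlsConfig(bad)
	fmt.Println("bad bundle, fail closed:", err)
	fmt.Println("bad bundle, fail open: verifies clients =", verifiesClients(failOpenConfig(bad)))
}
```

The point to carry into any proxy configuration: a TLS option that cannot be loaded must take the route down, and a deployment check should confirm that a request without a client certificate is refused on every mTLS route.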
CVE-2021-32813 | MEDIUM | affected: ≥ 0, < 2.4.13 | 2021-08-05
CVE-2021-32813 [MEDIUM] CWE-913: Header dropping in traefik
# Impact
There exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation; however, the Traefik team has addressed this issue to prevent any potential abuse.
# Details
If you have a chain of Traefik middlewares, and one of them sets a request header `Important
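An added example of the header-dropping mechanism described above, written for this page and not taken from Traefik: an intermediary must remove the Connection header and every header it names before forwarding (RFC 9110 §7.6.1), and the ordering of that step relative to the middleware chain decides whether a client can name a middleware-set header and have it removed. The header name X-Auth-User, the middleware stand-in and the attacker's request are constructed for the demo.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// stripHopByHop removes the Connection header and every header it lists, as
// an intermediary must do before forwarding a message.
func stripHopByHop(h http.Header) {
	for _, v := range h.Values("Connection") {
		for _, name := range strings.Split(v, ",") {
			if name = strings.TrimSpace(name); name != "" {
				h.Del(name)
			}
		}
	}
	h.Del("Connection")
}

// setIdentity stands in for a middleware in the chain (for example a
// forward-auth or headers middleware) that adds a header the backend trusts.
func setIdentity(h http.Header) {
	h.Set("X-Auth-User", "alice") // hypothetical header name
}

// vulnerableChain runs the middleware first and strips hop-by-hop headers only
// when forwarding, so a client sending "Connection: X-Auth-User" makes the
// proxy delete the header the middleware just set.
func vulnerableChain(client http.Header) http.Header {
	h := client.Clone()
	setIdentity(h)
	stripHopByHop(h)
	return h
}

// fixedChain strips the client-controlled Connection list at the entry point,
// before any middleware runs, so that list can only ever remove headers the
// client itself sent.
func fixedChain(client http.Header) http.Header {
	h := client.Clone()
	stripHopByHop(h)
	setIdentity(h)
	return h
}

// demoClientHeaders builds the constructed attacker request: Connection names
// the trusted header, and the client also tries to forge it directly.
func demoClientHeaders() http.Header {
	h := http.Header{}
	h.Set("Connection", "close, X-Auth-User")
	h.Set("X-Auth-User", "mallory")
	return h
}

func main() {
	client := demoClientHeaders()
	fmt.Printf("vulnerable order: X-Auth-User=%q\n", vulnerableChain(client).Get("X-Auth-User"))
	fmt.Printf("fixed order:      X-Auth-User=%q\n", fixedChain(client).Get("X-Auth-User"))
}
```

Run the two chains against the same request and the difference is the whole bug: the vulnerable order forwards no identity header at all, the fixed order forwards the middleware's value and drops the client's forgery along with the Connection header.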