Github.Com Traefik Traefik V3 vulnerabilities

CVE-2024-52003 [MEDIUM] CWE-601 Traefik's X-Forwarded-Prefix Header still allows for Open Redirect Traefik's X-Forwarded-Prefix Header still allows for Open Redirect ### Impact There is a vulnerability in Traefik that allows the client to provide the `X-Forwarded-Prefix` header from an untrusted source. ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.14 - https://github.com/traefik/traefik/releases/tag/v3.2.1 ### Workarounds No workaround. ### For more information If

CVE-2024-45410 [CRITICAL] CWE-345 HTTP client can manipulate custom HTTP headers that are added by Traefik HTTP client can manipulate custom HTTP headers that are added by Traefik ### Impact There is a vulnerability in Traefik that allows the client to remove the X-Forwarded headers (except the header X-Forwarded-For). ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.9 - https://github.com/traefik/traefik/releases/tag/v3.1.3 ### Workarounds No workaround. ### For more i

CVE-2024-39321 [HIGH] CWE-639 Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes ### Impact There is a vulnerability in Traefik that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. ### Patches - https://github.com/traefik/traefik/releases/tag/v2.11.6 - https://github.com/traefik/traefik/rel

CVE-2024-35255 [MEDIUM] CWE-362 ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability ### Impact There is a vulnerability in [Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability](https://nvd.nist.gov/vuln/detail/CVE-2024-35255). ### References - [CVE-2024-35255](https://nvd.nist.gov/vuln/detail/CVE-2024-35255) ### Patches - https://github.com/traefik/trae

CVE-2024-24790 [CRITICAL] CWE-180 Traefik has unexpected behavior with IPv4-mapped IPv6 addresses Traefik has unexpected behavior with IPv4-mapped IPv6 addresses ### Impact There is a vulnerability in [Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses](https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ). They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms. ### Referen

CVE-2024-24788 [MEDIUM] CWE-1395 Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop ### Impact There is a vulnerability in [GO managing malformed DNS message](https://groups.google.com/g/golang-announce/c/wkkO4P9stm0), which impacts Traefik. This vulnerability could be exploited to cause a denial of service. ### References - [CVE-2024-24788](https://www.cve.org/CVERecord?id=

CVE-2023-45288 [HIGH] Traefik affected by HTTP/2 CONTINUATION flood in net/http Traefik affected by HTTP/2 CONTINUATION flood in net/http There is a potential vulnerability in Traefik managing HTTP/2 connections. More details in the [CVE-2023-45288](https://www.cve.org/CVERecord?id=CVE-2023-45288). ## Patches - https://github.com/traefik/traefik/releases/tag/v2.11.2 - https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5 ## Workarounds No workaround ## For more information If you ha

CVE-2024-28869 [HIGH] CWE-404 Traefik vulnerable to denial of service with Content-length header Traefik vulnerable to denial of service with Content-length header There is a potential vulnerability in Traefik managing requests with `Content-length` and no `body` . Sending a `GET` request to any Traefik endpoint with the `Content-length` request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service.

CVE-2023-47633 [HIGH] CWE-400 Traefik docker container using 100% CPU Traefik docker container using 100% CPU ### Summary The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. ### Details While attempting to set up Traefik to handle traffic for Docker containers, I observed in the webUI a rule with the following information: `Host(traefik-service) | webwebsec

CVE-2023-47124 [MEDIUM] CWE-400 Traefik vulnerable to potential DDoS via ACME HTTPChallenge Traefik vulnerable to potential DDoS via ACME HTTPChallenge ## Impact There is a potential vulnerability in Traefik managing the ACME HTTP challenge. When Traefik is configured to use the [HTTPChallenge](https://doc.traefik.io/traefik/https/acme/#httpchallenge) to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by attacker

CVE-2023-47106 [MEDIUM] CWE-177 Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass ### Summary When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates the RFC because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend