8.1

CVE-2022-46153

EPSS 1.02%
Published 08.12.2022 22:15:10
Last modified 21.11.2024 07:30:12
Source security-advisories@github.com
Teams watchlist Login
Open Login

Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificates. Users are advised to upgrade to version 2.9.6. Users unable to upgrade should check their logs to detect the error messages and fix your TLS options.

Affected products Warnungen 0 Metrics 3 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Traefik ≫ Traefik Version < 2.9.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.02%	0.765

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://github.com/traefik/traefik/releases/tag/v2.9.6

Third Party Advisory

Release Notes

https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options

Vendor Advisory

Product

https://github.com/traefik/traefik/commit/7e3fe48b80083b41e9ff82a474a36484cabc701a

Patch

Third Party Advisory

https://github.com/traefik/traefik/security/advisories/GHSA-468w-8x39-gj5v

Patch

Third Party Advisory

Mitigation

https://nvd.nist.gov/vuln/detail/CVE-2022-46153

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-46153

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-46153

EUVD