CVE-2023-47633

Exploit

EPSS 0.64%
Published 04.12.2023 21:15:34
Last modified 21.11.2024 08:30:34
Source security-advisories@github.com
Teams watchlist Login
Open Login

Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Traefik ≫ Traefik Version <= 2.10.5

Traefik ≫ Traefik Version3.0.0 Updatebeta1

Traefik ≫ Traefik Version3.0.0 Updatebeta2

Traefik ≫ Traefik Version3.0.0 Updatebeta3

Traefik ≫ Traefik Version3.0.0 Updatebeta4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.64%	0.695

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://github.com/traefik/traefik/releases/tag/v2.10.6

Release Notes

https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5

Release Notes

https://github.com/traefik/traefik/security/advisories/GHSA-6fwg-jrfw-ff7p

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-47633

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-47633

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-47633

EUVD