Lucene search
GitHub_MCVELIST:CVE-2022-46153HistoryDec 08, 2022 - 9:46 p.m.
CVE-2022-46153 Routes exposed with an empty TLSOption in traefik
2022-12-0821:46:22
CWE-295
GitHub_M
raw.githubusercontent.com
2
0.001 Low
EPSS
Percentile
44.6%
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificates. Users are advised to upgrade to version 2.9.6. Users unable to upgrade should check their logs to detect the error messages and fix your TLS options.
Related
prion
prion
Design/Logic Flaw
2022-12-08 22:15:00
veracode
veracode
Improper Certificate Validation
2022-12-11 05:00:27
github
github
Traefik routes exposed with an empty TLSOption
2022-12-08 16:11:12
osv
osv
CVE-2022-46153
2022-12-08 22:15:10
Traefik routes exposed with an empty TLSOption
2022-12-08 16:11:12
alpinelinux
alpinelinux
CVE-2022-46153
2022-12-08 22:15:00
cve
cve
CVE-2022-46153
2022-12-08 22:15:00
nessus
nessus
freebsd
freebsd
traefik -- multiple vulnerabilities
2022-12-08 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package traefik version 2.9.8-alt1
2023-02-22 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00