Lucene search

PRIOn knowledge basePRION:CVE-2023-47106

HistoryDec 04, 2023 - 9:15 p.m.

Improper access control

2023-12-0421:15:00

PRIOn knowledge base

www.prio-n.com

traefik

http reverse proxy

load balancer

url fragment

rfc 7230

nginx

security vulnerability

upgrade

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.7%

JSON

Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend proxy like Nginx, it can be used to bypass frontend proxy URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CPENameOperatorVersion
traefikeq3.0.0 beta3
traefikeq3.0.0 beta2
traefikeq3.0.0 beta1
traefikle2.10.5
traefikeq3.0.0 beta4

Name	Operator	Version
traefik	eq	3.0.0 beta3
traefik	eq	3.0.0 beta2
traefik	eq	3.0.0 beta1
traefik	le	2.10.5
traefik	eq	3.0.0 beta4

References

datatracker.ietf.org/doc/html/rfc7230

github.com/traefik/traefik/releases/tag/v2.10.6

github.com/traefik/traefik/releases/tag/v3.0.0-beta5

github.com/traefik/traefik/security/advisories/GHSA-fvhj-4qfh-q2hm