143 matches found
CVE-2022-31733
The CVE-2022-31733 issue affects Cloud Foundry’s CF Diego cells and CF Deployment, where starting with diego-release 2.55.0–2.69.0 and CF Deployment 17.1–23.2.0, apps are reachable via an additional port on diego cells, enabling ingress without a client certificate when mTLS route integrity is en...
CVE-2022-31733: Unsecured Application Port | Cloud Foundry
High Vendor Cloud Foundry Foundation Description Apps running on cf-deployment are accessible unproxied via a programmatically-generated port on diego cells. The route integrity with mTLS feature rep.containers.proxy.requireandverifyclientcertificates, exposes an additional port that requires a...
Improper Certificate Validation
github.com/traefik/traefik is vulnerable to improper certificate validation. A route secured using the mTLS connection is exposed to remote attackers due to improper client certificate verification when the TLSOption is empty...
FreeBSD : traefik -- multiple vulnerabilities (508da89c-78b9-11ed-854f-5404a68ad561)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 508da89c-78b9-11ed-854f-5404a68ad561 advisory. - Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are...
Design/Logic Flaw
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS...
CVE-2022-46153 Routes exposed with an empty TLSOption in traefik
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS...
CVE-2022-46153
Traefik (open source HTTP reverse proxy/load balancer) prior to version 2.9.6 is affected by CVE-2022-46153: a router configured with a not well-formatted TLSOption can be exposed with an empty TLSOption, potentially enabling routes secured with mTLS to operate without proper client-certificate v...
CVE-2022-46153
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS...
CVE-2022-46153 Routes exposed with an empty TLSOption in traefik
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS...
Traefik routes exposed with an empty TLSOption
Impact There is a potential vulnerability in Traefik managing the TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client...
GHSA-468W-8X39-GJ5V Traefik routes exposed with an empty TLSOption
Impact There is a potential vulnerability in Traefik managing the TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client...
CVE-2022-31183
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...
Design/Logic Flaw
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...
CVE-2022-31183 mTLS client verification is skipped in fs2 on Node.js
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...
CVE-2022-31183 mTLS client verification is skipped in fs2 on Node.js
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...
CVE-2022-31183
The CVE-2022-31183 issue affects fs2-io running on Node.js, where server-mode TLSSocket with requestCert = true incorrectly ignores the setting and skips peer certificate verification. Root cause: the Node.js implementation of fs2-io mishandled mTLS, while the JVM TLS path is unaffected. Impact: ...
CVE-2022-31183 mTLS client verification is skipped in fs2 on Node.js
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...
Improper Certificate Validation
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...
Improper Certificate Validation
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...
Improper Certificate Validation
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...