147 matches found
CVE-2023-1782 Nomad Unauthenticated Client Agent HTTP Request Privilege Escalation
HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. This issue is fixed in version 1.5.3...
CVE-2023-27493
A flaw was found in Envoy. Envoy doesn't escape HTTP header values due to a specifically constructed HTTP request or mTLS connection with a specifically crafted client certificate. Envoy configuration must also include an option to add request headers that were generated using inputs from the...
CVE-2022-31733
Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then a...
CVE-2022-31733
Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, apps are accessible via another port on diego cells, allowing application ingress without a client certificate. If mTLS route integrity is enabled AND unproxied ports are turned off, then a...
CVE-2022-31733
The CVE-2022-31733 issue affects Cloud Foundry’s CF Diego cells and CF Deployment, where starting with diego-release 2.55.0–2.69.0 and CF Deployment 17.1–23.2.0, apps are reachable via an additional port on diego cells, enabling ingress without a client certificate when mTLS route integrity is en...
CVE-2022-31733: Unsecured Application Port | Cloud Foundry
High Vendor Cloud Foundry Foundation Description Apps running on cf-deployment are accessible unproxied via a programmatically-generated port on diego cells. The route integrity with mTLS feature rep.containers.proxy.requireandverifyclientcertificates, exposes an additional port that requires a...
Improper Certificate Validation
github.com/traefik/traefik is vulnerable to improper certificate validation. A route secured using the mTLS connection is exposed to remote attackers due to improper client certificate verification when the TLSOption is empty...
FreeBSD : traefik -- multiple vulnerabilities (508da89c-78b9-11ed-854f-5404a68ad561)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 508da89c-78b9-11ed-854f-5404a68ad561 advisory. - Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are...
Design/Logic Flaw
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS...
CVE-2022-46153
Traefik (open source HTTP reverse proxy/load balancer) prior to version 2.9.6 is affected by CVE-2022-46153: a router configured with a not well-formatted TLSOption can be exposed with an empty TLSOption, potentially enabling routes secured with mTLS to operate without proper client-certificate v...
CVE-2022-46153 Routes exposed with an empty TLSOption in traefik
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS...
CVE-2022-46153 Routes exposed with an empty TLSOption in traefik
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS...
CVE-2022-46153
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS...
GHSA-468W-8X39-GJ5V Traefik routes exposed with an empty TLSOption
Impact There is a potential vulnerability in Traefik managing the TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client...
Traefik routes exposed with an empty TLSOption
Impact There is a potential vulnerability in Traefik managing the TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client...
CVE-2022-31183
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...
Design/Logic Flaw
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...
CVE-2022-31183 mTLS client verification is skipped in fs2 on Node.js
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...
CVE-2022-31183
The CVE-2022-31183 issue affects fs2-io running on Node.js, where server-mode TLSSocket with requestCert = true incorrectly ignores the setting and skips peer certificate verification. Root cause: the Node.js implementation of fs2-io mishandled mTLS, while the JVM TLS path is unaffected. Impact: ...
CVE-2022-31183 mTLS client verification is skipped in fs2 on Node.js
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. fs2-io running on...