Lucene search
Veracode Vulnerability DatabaseVERACODE:34276HistoryFeb 18, 2022 - 7:50 a.m.
Insecure TLS Configuration
2022-02-1807:50:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.001 Low
EPSS
Percentile
36.4%
github.com/traefik/traefik uses an insecure TLS configuration. Users that configures mTLS between Traefik and clients are vulnerable to the flaw. The TLS configuration choice could be different than the router choice which leads to the use of wrong TLS configuration mechanism, allowing remote attackers to exploit the vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/traefik/traefik | le | v2.6.0 | |
| github.com/traefik/traefik | le | v2.6.0 |
References
github.com/golang/vulndb/issues/325
github.com/traefik/traefik/commit/0c83ee736ca4aa93bba2d4cce4c00fd247785915
github.com/traefik/traefik/pull/8764
github.com/traefik/traefik/releases/tag/v2.6.1
github.com/traefik/traefik/security/advisories/GHSA-hrhx-6h34-j5hc
www.oracle.com/security-alerts/cpujul2022.html
Related
cnvd
cnvd
Containous Traefik Trust Management Issue Vulnerability (CNVD-2022-13371)
2022-02-18 00:00:00
redhatcve
redhatcve
CVE-2022-23632
2022-05-20 22:43:07
cvelist
cvelist
osv
osv
CVE-2022-23632
2022-02-17 15:15:09
Skip the router TLS configuration when the host header is an FQDN
2022-02-16 22:30:57
nvd
nvd
CVE-2022-23632
2022-02-17 15:15:09
github
github
Skip the router TLS configuration when the host header is an FQDN
2022-02-16 22:30:57
prion
prion
Default configuration
2022-02-17 15:15:00
cve
cve
CVE-2022-23632
2022-02-17 15:15:09
oracle
oracle
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - July 2022
2022-07-19 00:00:00