github.com/traefik/traefik uses an insecure TLS configuration. Users that configures mTLS
between Traefik and clients are vulnerable to the flaw. The TLS configuration choice could be different than the router choice which leads to the use of wrong TLS configuration mechanism, allowing remote attackers to exploit the vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/traefik/traefik | le | v2.6.0 | |
github.com/traefik/traefik | le | v2.6.0 |
github.com/golang/vulndb/issues/325
github.com/traefik/traefik/commit/0c83ee736ca4aa93bba2d4cce4c00fd247785915
github.com/traefik/traefik/pull/8764
github.com/traefik/traefik/releases/tag/v2.6.1
github.com/traefik/traefik/security/advisories/GHSA-hrhx-6h34-j5hc
www.oracle.com/security-alerts/cpujul2022.html