Vulnerability Title
Routes exposed with an empty TLS option in Traefik
Vulnerability Description
In Traefik, routes are exposed with an empty TLSOption
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Category
N/A
Vulnerability Title
Routes exposed with an empty TLSOption in Traefik
Vulnerability Description
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in how Traefik manages TLS connections. A router configured with a malformed TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificates. Users are advised to upgrade to version 2.9.6. Users unable to upgrade should check their logs to detect the error messages and fix their TLS options.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
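Vulnerability Category
Improper Certificate Validation
Vulnerability Title
Containous Traefik trust management issue vulnerability
Vulnerability Description
Containous Traefik is a reverse proxy and load balancer from the US company Containous. Versions of Containous Traefik before 2.9.6 contain a trust management vulnerability, which stems from a potential issue in managing TLS connections: a router configured with a malformed TLSOption is exposed with an empty TLSOption.
CVSS Information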
N/A
Vulnerability Category
Trust management issue