Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
traefik traefik vulnerabilities and exploits
(subscribe to this query)
4.7
CVSSv3
CVE-2020-15129
In Traefik prior to 1.7.26, 2.2.8, and 2.3.0-rc3, there exists a potential open redirect vulnerability in Traefik's handling of the "X-Forwarded-Prefix" header. The Traefik API dashboard component doesn't validate that the value of the header "X-Forwarded...
Traefik Traefik
Traefik Traefik 2.3.0
7.5
CVSSv3
CVE-2023-29013
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. There is a vulnerability in Go when parsing the HTTP headers, which impacts Traefik. HTTP header parsing could allocate substantially more memory than required to hold the p...
Traefik Traefik 2.10.0
Traefik Traefik
7.5
CVSSv3
CVE-2023-47633
Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addresse...
Traefik Traefik 3.0.0
Traefik Traefik
7.5
CVSSv3
CVE-2020-9321
configurationwatcher.go in Traefik 2.x prior to 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.
Traefik Traefik
Traefik Traefik 2.0.0
6.5
CVSSv3
CVE-2023-47106
Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain ...
Traefik Traefik 3.0.0
Traefik Traefik
5.9
CVSSv3
CVE-2023-47124
Traefik is an open source HTTP reverse proxy and load balancer. When Traefik is configured to use the `HTTPChallenge` to generate and renew the Let's Encrypt TLS certificates, the delay authorized to solve the challenge (50 seconds) can be exploited by malicious users to ach...
Traefik Traefik 3.0.0
Traefik Traefik
7.5
CVSSv3
CVE-2022-39271
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal er...
Traefik Traefik
Traefik Traefik 2.9.0
6.5
CVSSv3
CVE-2022-46153
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured u...
Traefik Traefik
7.5
CVSSv3
CVE-2019-20894
Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.
Traefik Traefik
7.5
CVSSv3
CVE-2019-12452
types/types.go in Containous Traefik 1.7.x up to and including 1.7.11, when the --api flag is used and the API is publicly reachable and exposed without sufficient access control (which is contrary to the API documentation), allows remote authenticated users to discover password ...
Traefik Traefik
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »