Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Routes exposed with an empty TLSOption in traefik
Vulnerability Description
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificates. Users are advised to upgrade to version 2.9.6. Users unable to upgrade should check their logs to detect the error messages and fix your TLS options.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
证书验证不恰当
Vulnerability Title
Containous Traefik 信任管理问题漏洞
Vulnerability Description
Containous Traefik是美国Containous公司的一款反向代理和负载平衡器。 Containous Traefik 2.9.6之前版本存在信任管理问题漏洞,该漏洞源于在管理TLS连接时存在潜在问题,配置了格式不正确的TLSOption的路由器会以空的TLSOption暴露出来。
CVSS Information
N/A
Vulnerability Type
N/A