Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Traefik: TCP readTimeout bypass via STARTTLS on Postgres
Vulnerability Description
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest (STARTTLS) prelude and then stalling, causing connections to remain open indefinitely, leading to a denial of service. This vulnerability is fixed in 3.6.8.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
authentik 资源管理错误漏洞
Vulnerability Description
authentik是authentik开源的一个开源身份提供应用程序。 authentik 3.6.8之前版本存在资源管理错误漏洞,该漏洞源于处理STARTTLS请求时存在潜在漏洞,可能导致未经验证的客户端通过发送Postgres SSLRequest前导并停滞来绕过响应超时,造成拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A