CVE-2022-46153

CVSS V2 None CVSS V3 None
Description
Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificates. Users are advised to upgrade to version 2.9.6. Users unable to upgrade should check their logs to detect the error messages and fix your TLS options.
Overview
  • CVE ID
  • CVE-2022-46153
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-12-08T22:15:10
  • Last Modified Date
  • 2022-12-12T18:44:03
Weakness Enumerations
CWE URL
CWE-295 http://cwe.mitre.org/data/definitions/295.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* 1 OR 2.9.6
References
Reference URL Reference Tags
https://doc.traefik.io/traefik/v2.9/https/tls/#tls-options
https://github.com/traefik/traefik/commit/7e3fe48b80083b41e9ff82a474a36484cabc701a
https://github.com/traefik/traefik/releases/tag/v2.9.6
https://github.com/traefik/traefik/security/advisories/GHSA-468w-8x39-gj5v
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-46153
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46153
History
Created Old Value New Value Data Type Notes
2022-12-08 23:16:24 Added to TrackCVE
2022-12-12 01:14:43 2022-12-08T22:15:10.563 2022-12-08T22:15:10 CVE Published Date updated
2022-12-12 01:14:43 2022-12-08T22:30:17 CVE Modified Date updated
2022-12-12 01:14:43 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-12 12:24:16 Undergoing Analysis Awaiting Analysis Vulnerability Status updated
2022-12-12 13:15:27 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2022-12-12 19:15:34 2022-12-12T18:44:03 CVE Modified Date updated
2022-12-12 19:15:34 Undergoing Analysis Analyzed Vulnerability Status updated
2022-12-12 19:15:34 CWE-295 Weakness Enumeration new
2022-12-12 19:15:36 CPE Information updated