CVE-2023-47633

Published: Dec 4, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Traefik is an open source HTTP reverse proxy and load balancer. The traefik docker container uses 100% CPU when it serves as its own backend, which is an automatically generated route resulting from the Docker integration in the default configuration. This issue has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Affected (5)

Products: Traefik: Traefik

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Traefik Traefik	Up to 2.10.5
Traefik Traefik	Version 3.0.0 beta1
Traefik Traefik	Version 3.0.0 beta2
Traefik Traefik	Version 3.0.0 beta3
Traefik Traefik	Version 3.0.0 beta4

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (6)

https://github.com/traefik/traefik/releases/tag/v2.10.6

Source: security-advisories@github.com

Release Notes

https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5

Source: security-advisories@github.com

Release Notes

https://github.com/traefik/traefik/security/advisories/GHSA-6fwg-jrfw-ff7p

Source: security-advisories@github.com

ExploitThird Party Advisory

https://github.com/traefik/traefik/releases/tag/v2.10.6

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://github.com/traefik/traefik/security/advisories/GHSA-6fwg-jrfw-ff7p

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.