THREATINT

CVE record (PUBLISHED)

CVE-2024-39321

Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes

Assigner: GitHub_M
Reserved: 2024-06-21
Published: 2024-07-05
Updated: 2024-07-05

Description

Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 allow bypassing IP allow-lists via HTTP/3 early-data requests carried in QUIC 0-RTT handshakes sent with spoofed source IP addresses. In a 0-RTT handshake the server accepts and processes the application request before the handshake has completed, so it has not yet confirmed that the peer can receive packets at the claimed source address; an allow-list decision made at that point therefore trusts an attacker-chosen IP. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available.
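The following Go program is an added example illustrating the policy an IP allow-list must apply to 0-RTT traffic; it is not Traefik's ipAllowList middleware and not the patch referenced in this record. It assumes that the HTTP/3 layer reports whether a request arrived as early data (here via the `Early-Data: 1` request header defined in RFC 8470, or an equivalent transport signal); `AllowList`, `Decide`, and `Middleware` are illustrative names. A request whose source address has not been validated is answered with 425 Too Early instead of being matched against the allow-list, so a spoofed address can never satisfy the check.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/netip"
	"strings"
)

// AllowList is a minimal CIDR-based IP allow-list written for this example
// (assumption: not Traefik's own middleware).
type AllowList struct {
	prefixes []netip.Prefix
}

// NewAllowList parses a list of CIDR strings such as "10.0.0.0/8".
func NewAllowList(cidrs []string) (*AllowList, error) {
	al := &AllowList{}
	for _, c := range cidrs {
		p, err := netip.ParsePrefix(strings.TrimSpace(c))
		if err != nil {
			return nil, fmt.Errorf("allow-list entry %q: %w", c, err)
		}
		al.prefixes = append(al.prefixes, p.Masked())
	}
	return al, nil
}

// Contains reports whether addr falls inside any allow-listed prefix.
func (a *AllowList) Contains(addr netip.Addr) bool {
	for _, p := range a.prefixes {
		if p.Contains(addr) {
			return true
		}
	}
	return false
}

// Decide returns the HTTP status a proxy should answer with for a request
// from remoteAddr ("host:port"). earlyData reports whether the request was
// received as 0-RTT early data.
//
// During 0-RTT the server has not completed the handshake and so has not
// proven that the peer can receive packets at the claimed source address;
// the address is an unauthenticated, attacker-chosen value. Accepting it
// as allow-list input is exactly the bypass described in CVE-2024-39321,
// so such requests get 425 Too Early (RFC 8470) and a legitimate client
// simply retries after the handshake has completed.
func (a *AllowList) Decide(remoteAddr string, earlyData bool) int {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr // no port present; treat the whole string as the host
	}
	ip, err := netip.ParseAddr(host)
	if err != nil {
		return http.StatusForbidden // unparsable peer address: fail closed
	}
	if earlyData {
		return http.StatusTooEarly // address not yet validated: do not consult the list
	}
	// Unmap IPv4-mapped IPv6 (::ffff:a.b.c.d) so IPv4 prefixes match it.
	if !a.Contains(ip.Unmap()) {
		return http.StatusForbidden
	}
	return http.StatusOK
}

// Middleware wraps next with the allow-list check. It assumes the transport
// marks early-data requests with "Early-Data: 1" (RFC 8470 section 5.1).
func (a *AllowList) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		early := r.Header.Get("Early-Data") == "1"
		if code := a.Decide(r.RemoteAddr, early); code != http.StatusOK {
			http.Error(w, http.StatusText(code), code)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	al, err := NewAllowList([]string{"10.0.0.0/8", "192.168.1.0/24"})
	if err != nil {
		panic(err)
	}
	// Constructed sample peers: an allow-listed address via a completed
	// handshake, the same (possibly spoofed) address in 0-RTT, and an outsider.
	cases := []struct {
		addr  string
		early bool
	}{
		{"10.1.2.3:4433", false},
		{"10.1.2.3:4433", true},
		{"203.0.113.5:4433", false},
	}
	for _, c := range cases {
		fmt.Printf("%-20s early=%-5v -> %d\n", c.addr, c.early, al.Decide(c.addr, c.early))
	}
}
```

The transport-level fix (refusing 0-RTT, or deferring early-data requests until the handshake completes) is what actually closes the hole; the handler-level 425 response shown here is the defence a proxy can apply when the transport does hand it early data. What Traefik changed in the patched versions is described in the linked GitHub advisory, not in this example.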



HIGH: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

Problem types

CWE-639: Authorization Bypass Through User-Controlled Key

Product status

< 2.11.6: affected

>= 3.0.0-beta3, < 3.0.4: affected

>= 3.1.0-rc1, < 3.1.0-rc3: affected

References

https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9

https://github.com/traefik/traefik/releases/tag/v2.11.6

https://github.com/traefik/traefik/releases/tag/v3.0.4

https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3

https://www.cve.org/CVERecord?id=CVE-2024-39321

https://nvd.nist.gov/vuln/detail/CVE-2024-39321

Page URL: https://cve.threatint.com/CVE/CVE-2024-39321