CVE-2023-47106

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-47106
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-47106.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-47106
Published
2023-12-04T21:15:33Z
Modified
2024-09-11T06:13:26.733004Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
[none]
Details

Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL-encodes the fragment and forwards it to the backend server. This violates RFC 7230, because in origin-form the URL should contain only the absolute path and the query. When Traefik is combined with another frontend proxy such as Nginx, this behavior can be used to bypass the frontend proxy's URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability.
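The behavior described above, reproduced with the Go standard library as an added example (not Traefik's code and not its fix): Go's request-target parser assumes no fragment is present, so a raw `#` stays in the path and is percent-encoded when the target is written out again. The names forwardedTarget, rejectFragment and statusFor are hypothetical, the sample targets are constructed, and answering 400 is one possible guard chosen for this illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// forwardedTarget returns the request-target a Go-based proxy would write
// upstream for the raw target it received. url.ParseRequestURI assumes the
// input has no fragment, so '#' lands in Path and is emitted as %23.
func forwardedTarget(rawTarget string) (string, error) {
	u, err := url.ParseRequestURI(rawTarget)
	if err != nil {
		return "", err
	}
	return u.RequestURI(), nil
}

// rejectFragment (hypothetical guard) answers 400 when the raw
// request-target is not path + query only, i.e. it contains '#'.
func rejectFragment(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if strings.Contains(r.RequestURI, "#") {
			http.Error(w, "fragment not allowed in request-target", http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends a constructed request through the guard and returns the status.
func statusFor(target string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	rec := httptest.NewRecorder()
	rejectFragment(ok).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, target, nil))
	return rec.Code
}

func main() {
	for _, t := range []string{"/docs?page=2", "/docs#section"} { // constructed samples
		fwd, _ := forwardedTarget(t)
		fmt.Printf("%-14s forwarded as %-16s guard status %d\n", t, fwd, statusFor(t))
	}
}
```
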

Affected packages

Git / github.com/traefik/traefik

Affected ranges

Type
GIT
Repo
https://github.com/traefik/traefik
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

v1.*

v1.0
v1.0.0
v1.0.0-beta.211
v1.0.0-beta.212
v1.0.0-beta.220
v1.0.0-beta.224
v1.0.0-beta.247
v1.0.0-beta.254
v1.0.0-beta.277
v1.0.0-beta.280
v1.0.0-beta.287
v1.0.0-beta.289
v1.0.0-beta.291
v1.0.0-beta.300
v1.0.0-beta.324
v1.0.0-beta.339
v1.0.0-beta.341
v1.0.0-beta.352
v1.0.0-beta.355
v1.0.0-beta.366
v1.0.0-beta.374
v1.0.0-beta.392
v1.0.0-beta.395
v1.0.0-beta.404
v1.0.0-beta.408
v1.0.0-beta.416
v1.0.0-beta.421
v1.0.0-beta.427
v1.0.0-beta.433
v1.0.0-beta.436
v1.0.0-beta.440
v1.0.0-beta.442
v1.0.0-beta.453
v1.0.0-beta.470
v1.0.0-beta.475
v1.0.0-beta.481
v1.0.0-beta.484
v1.0.0-beta.505
v1.0.0-beta.508
v1.0.0-beta.513
v1.0.0-beta.524
v1.0.0-beta.545
v1.0.0-beta.548
v1.0.0-beta.555
v1.0.0-beta.573
v1.0.0-beta.576
v1.0.0-beta.582
v1.0.0-beta.601
v1.0.0-beta.610
v1.0.0-beta.614
v1.0.0-beta.621
v1.0.0-beta.644
v1.0.0-beta.652
v1.0.0-beta.666
v1.0.0-beta.673
v1.0.0-beta.676
v1.0.0-beta.682
v1.0.0-beta.692
v1.0.0-beta.695
v1.0.0-beta.704
v1.0.0-beta.712
v1.0.0-beta.721
v1.0.0-beta.723
v1.0.0-beta.732
v1.0.0-beta.744
v1.0.0-beta.754
v1.0.0-beta.756
v1.0.0-beta.767
v1.0.0-beta.771
v1.0.0-beta.784
v1.0.0-beta.794
v1.0.0-beta.804
v1.0.0-beta.809
v1.0.0-rc1
v1.0.0-rc2
v1.0.0-rc3
v1.0.1
v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185
v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458
v1.0.alpha.157
v1.0.alpha.164
v1.0.alpha.170
v1.0.alpha.171
v1.0.alpha.176
v1.0.alpha.178
v1.0.alpha.182
v1.0.alpha.186
v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e
v1.0.alpha.200
v1.0.alpha.212
v1.0.alpha.215
v1.0.alpha.216
v1.0.alpha.217
v1.0.alpha.228
v1.0.alpha.247
v1.0.alpha.249
v1.0.alpha.250
v1.0.alpha.251
v1.0.alpha.252
v1.0.alpha.256
v1.0.alpha.257
v1.0.alpha.263
v1.0.alpha.266
v1.0.alpha.267
v1.0.alpha.268
v1.0.alpha.269
v1.0.alpha.270
v1.0.alpha.271
v1.0.alpha.272
v1.0.alpha.273
v1.0.alpha.274
v1.0.alpha.275
v1.0.alpha.285
v1.0.alpha.288
v1.0.alpha.290
v1.0.alpha.291
v1.0.alpha.302
v1.0.alpha.306
v1.0.alpha.311
v1.0.alpha.329
v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d
v1.0.alpha.333
v1.0.alpha.336
v1.0.alpha.338
v1.0.alpha.341
v1.0.alpha.357
v1.0.alpha.358
v1.0.alpha.361
v1.0.alpha.364
v1.0.alpha.367
v1.0.alpha.374
v1.0.alpha.392
v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb
v1.0.alpha.404
v1.0.alpha.412
v1.0.alpha.418
v1.0.alpha.421
v1.0.alpha.425
v1.0.alpha.439
v1.0.alpha.443
v1.0.alpha.450
v1.0.alpha.463
v1.0.alpha.469
v1.0.alpha.471
v1.0.alpha.477
v1.0.alpha.481
v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2
v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e
v1.0.alpha.506
v1.0.alpha.516
v1.0.alpha.522
v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b
v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a
v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30
v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff
v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708
v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05
v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b
v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f
v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb
v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e
v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b
v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d
v1.1.0
v1.1.0-rc1
v1.1.0-rc2
v1.1.0-rc3
v1.1.0-rc4
v1.1.1
v1.3.0
v1.3.0-rc1
v1.3.0-rc2
v1.3.0-rc3
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.3.5
v1.3.6
v1.3.7
v1.4.0
v1.4.0-rc1
v1.4.0-rc2
v1.4.0-rc3
v1.4.0-rc4
v1.4.0-rc5
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.4.6
v1.5.0
v1.5.0-rc1
v1.5.0-rc2
v1.5.0-rc3
v1.5.0-rc4
v1.5.0-rc5
v1.5.1
v1.5.2
v1.5.3
v1.5.4
v1.6.0
v1.6.0-rc1
v1.6.0-rc2
v1.6.0-rc3
v1.6.0-rc4
v1.6.0-rc5
v1.6.0-rc6
v1.6.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.7.0
v1.7.0-rc1
v1.7.0-rc2
v1.7.0-rc3
v1.7.0-rc4
v1.7.0-rc5
v1.7.1
v1.7.2
v1.7.3
v1.7.4

v2.*

v2.0.0
v2.0.0-alpha1
v2.0.0-alpha2
v2.0.0-alpha3
v2.0.0-alpha4
v2.0.0-alpha5
v2.0.0-alpha6
v2.0.0-alpha7
v2.0.0-alpha8
v2.0.0-beta1
v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.0.0-rc4
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.1.0
v2.1.0-rc1
v2.1.0-rc2
v2.1.0-rc3
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.2.0
v2.2.0-rc1
v2.2.0-rc2
v2.2.0-rc3
v2.2.0-rc4
v2.2.1
v2.2.10
v2.2.11
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.3.0
v2.3.0-rc1
v2.3.0-rc2
v2.3.0-rc3
v2.3.0-rc4
v2.3.0-rc5
v2.3.0-rc6
v2.3.0-rc7
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.4.0
v2.4.0-rc1
v2.4.0-rc2
v2.4.1
v2.4.10
v2.4.11
v2.4.12
v2.4.13
v2.4.14
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.5.0
v2.5.0-rc1
v2.5.0-rc2
v2.5.0-rc3
v2.5.0-rc4
v2.5.0-rc5
v2.5.0-rc6
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.6.0
v2.6.0-rc1
v2.6.0-rc2
v2.6.0-rc3
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.7.0
v2.7.0-rc1
v2.7.0-rc2
v2.7.1
v2.7.2
v2.7.3
v2.8.0
v2.8.0-rc1
v2.8.0-rc2
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.9.0-rc1
v2.9.0-rc2
v2.9.0-rc3
v2.9.0-rc4
v2.9.0-rc5
v2.9.1
v2.9.2
v2.9.3
v2.9.4
v2.9.5

v3.*

v3.0.0-beta1