CVE-2023-47106

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 4, 2023

Updated: Dec 7, 2023

CWE ID 20

Summary

CVE-2023-47106 is a vulnerability affecting Traefik, an open-source HTTP reverse proxy and load balancer. When Traefik receives a URL with a fragment, it automatically URL encodes and forwards it to the backend server, contrary to RFC 7230 guidelines. This issue can be exploited to bypass URI-based access control restrictions when used in conjunction with another frontend proxy like Nginx. The vulnerability is fixed in versions 2.10.6 and 3.0.0-beta5. Upgrading is strongly recommended, as there are currently no known workarounds for this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Traefik

Affected Vendors

Traefik

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tNYoQF
https://www.cve.org/CVERecord?id=CVE-2023-47106
https://nvd.nist.gov/vuln/detail/CVE-2023-47106

Back to Vulnerability Database