CVE-2023-47106
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Dec 4, 2023
Updated: Dec 7, 2023
CWE ID 20
Summary
CVE-2023-47106 is a vulnerability affecting Traefik, an open-source HTTP reverse proxy and load balancer. When Traefik receives a URL with a fragment, it automatically URL encodes and forwards it to the backend server, contrary to RFC 7230 guidelines. This issue can be exploited to bypass URI-based access control restrictions when used in conjunction with another frontend proxy like Nginx. The vulnerability is fixed in versions 2.10.6 and 3.0.0-beta5. Upgrading is strongly recommended, as there are currently no known workarounds for this issue.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Traefik
Affected Vendors
- Traefik
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
Note: This is just a basic overview providing quick insights into CVE-2023-47106 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions