CVE-2021-32813

Published: Aug 3, 2021

Modified: Aug 3, 2024

PUBLISHED

CVSS v3.1

4.8

MEDIUM

Description

Traefik is an HTTP reverse proxy and load balancer. Prior to version 2.4.13, there exists a potential header vulnerability in Traefik's handling of the Connection header. Active exploitation of this issue is unlikely, as it requires that a removed header would lead to a privilege escalation, however, the Traefik team has addressed this issue to prevent any potential abuse. If one has a chain of Traefik middlewares, and one of them sets a request header, then sending a request with a certain Connection header will cause it to be removed before the request is sent. In this case, the backend does not see the request header. A patch is available in version 2.4.13. There are no known workarounds aside from upgrading.

Vendor	Product	Versions
traefik	traefik	affected `< 2.4.13` affected `<= 1.7.30`

Weaknesses (CWE)

CWE-913

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

https://github.com/traefik/traefik/security/advisories/GHSA-m697-4v8f-55qg

x_refsource_CONFIRM

https://github.com/traefik/traefik/pull/8319/commits/cbaf86a93014a969b8accf39301932c17d0d73f9

x_refsource_MISC

https://github.com/traefik/traefik/releases/tag/v2.4.13

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-32813

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References