Uncontrolled Resource Consumption in Traefik
CVE-2023-47633

7.5HIGH

Key Information:

Vendor

Traefik

Status
Traefik
Vendor
CVE Published:
4 December 2023

What is CVE-2023-47633?

A resource exhaustion vulnerability exists in Traefik when it serves as its own backend using default Docker integration settings. This configuration can lead to 100% CPU usage, drastically affecting performance. The issue arises from an automatically generated route that is inefficient. Users are strongly encouraged to upgrade to Traefik version 2.10.6 or 3.0.0-beta5 to mitigate this concern. No workarounds are currently available.

Affected Version(s)

traefik < 2.10.6 < 2.10.6

traefik >= 3.0.0-beta1, < 3.0.0-beta5 < 3.0.0-beta1, 3.0.0-beta5

References

https://github.com/traefik/traefik/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/traefik/traefik/releases/tag/v2.10.6
x_refsource_MISC
https://github.com/traefik/traefik/releases/tag/v3.0.0-beta5
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.