CVE-2023-47106 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2023-47106 Interim 1 6 2025-02-16T02:02:33Z current 2023-12-06T00:09:08Z 2025-02-16T02:02:33Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2023-47106 Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend proxy like Nginx, it can be used to bypass frontend proxy URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed traefik-2.10.7-1.1 traefik2-2.11.5-1.1 traefik-2.10.7-1.1 as a component of openSUSE Tumbleweed traefik2-2.11.5-1.1 as a component of openSUSE Tumbleweed Traefik is an open source HTTP reverse proxy and load balancer. When a request is sent to Traefik with a URL fragment, Traefik automatically URL encodes and forwards the fragment to the backend server. This violates RFC 7230 because in the origin-form the URL should only contain the absolute path and the query. When this is combined with another frontend proxy like Nginx, it can be used to bypass frontend proxy URI-based access control restrictions. This vulnerability has been addressed in versions 2.10.6 and 3.0.0-beta5. Users are advised to upgrade. There are no known workarounds for this vulnerability. CVE-2023-47106 openSUSE Tumbleweed:traefik-2.10.7-1.1 openSUSE Tumbleweed:traefik2-2.11.5-1.1 moderate 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N