CVE-2022-46153 HIGH

CVE-2022-46153: Routes exposed with an empty TLSOption in traefik

Vendor Traefik

Product traefik

Weakness CWE-295

Published December 8, 2022

Last update April 23, 2025

View on NVD All CVEs

CVSS base score

8.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Traefik is an open source HTTP reverse proxy and load balancer. In affected versions there is a potential vulnerability in Traefik managing TLS connections. A router configured with a not well-formatted TLSOption is exposed with an empty TLSOption. For instance, a route secured using an mTLS connection set with a wrong CA file is exposed without verifying the client certificates. Users are advised to upgrade to version 2.9.6. Users unable to upgrade should check their logs to detect the error messages and fix your TLS options.

Key dates

02Disclosure timeline

December 8, 2022 CVE published

April 23, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-46153 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/295.html

Related vulnerabilities

CVE-2022-46153: Routes exposed with an empty TLSOption in traefik

01Description

02Disclosure timeline

03References

04Related CVE