Hello,
Traefik is not impacted by those CVEs, I already answer this in several topics inside this forum and GitHub issues.
Answers:
- Fix container vulnerabilities listed on Docker Hub (v2.10.3) · Issue #9994 · traefik/traefik · GitHub
- CVE vulnerabilities for traefik:v2.9.5 - CVE-2021-41803, CVE-2022-40716, CVE-2022-32149 - #2 by ldez
- New Security Updates for Traefik 2.10 and 3.0.0-beta - #3 by svx
- etc.
TLDR:
Traefik is not impacted by those CVEs.
Link to the CVEs:
- CVE-2022-40716: HashiCorp Consul and Consul Enterprise do not check for multiple SAN URI values in a CSR on the internal RPC endpoint.
- CVE-2023-28840: moby/moby's dockerd daemon encrypted overlay network may be unauthenticated
- CVE-2023-28841: moby/moby's dockerd daemon encrypted overlay network traffic may be unencrypted
- CVE-2023-28842: moby/moby's dockerd daemon encrypted overlay network with a single endpoint is unauthenticated