Vulnerability for v2.10.7

gopi · April 29, 2024, 7:41pm

hi is there any fixes for below CVE using v2.10.7
CVE-2023-6237
CVE-2024-0727
CVE-2023-48795
CVE-2023-6129

bluepuma77 · April 29, 2024, 8:51pm

Maybe check

ldez · April 30, 2024, 12:09am

Traefik doesn't need to fix CVE that doesn't impact it.

gopi · April 30, 2024, 12:12am

We got the above vulnerability for the traefik images

gopi · April 30, 2024, 12:13am

The CVE that is mentioned is not covered

ldez · April 30, 2024, 12:16am

We (Traefik Maintainers) maintain only the latest versions: v2.11 and v3.0

Same thing for the Docker images.

Those CVEs are false positives in the context of Traefik because Traefik doesn't use OpenSSL or OpenSSH.

Feel free to create your own custom Docker image if needed.

gopi · April 30, 2024, 12:25am

Thanks, for the info.
are there any fixes for below.

CVE-2023-28840
CVE-2023-49295
CVE-2023-28841
CVE-2023-28842

ldez · April 30, 2024, 12:28am

CVE-2023-28840: Traefik is not impacted because it only uses the API client of Docker.
CVE-2023-49295: already fixed
CVE-2023-28841: Traefik is not impacted because it only uses the API client of Docker.
CVE-2023-28842: Traefik is not impacted because it only uses the API client of Docker.

In all cases, we ONLY maintain v2.11 and v3.0.

system · May 3, 2024, 12:29am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Potential CVEs in v2.10.7 Traefik v2 file	5	165	May 18, 2024
CVE vulnerability CVE-2021-41103 and CVE-2021-43816 Traefik v2 middleware	3	469	February 9, 2022
Several CVE's present on the latest traefik version Traefik v2	2	462	November 1, 2023
CVE vulnerability Traefik CVE-2022-29153 Traefik v2 cli	2	449	September 22, 2022
CVE vulnerability Traefik CVE-2022-41717 Traefik v2 file	2	385	December 7, 2022