Main Vulnerability Database Vulnerabilities #VU129661

Insufficient verification of data authenticity in Traefik - CVE-2024-45410

Published: September 19, 2024 / Updated: May 5, 2026

Vulnerability identifier: #VU129661

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2024-45410

CWE-ID: CWE-345

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Traefik

Software vendor:
Containous

Description

The vulnerability allows a remote attacker to bypass security controls by removing or manipulating trusted forwarded headers.

The vulnerability exists due to insufficient verification of data authenticity in Traefik HTTP header handling when processing HTTP/1.1 requests with hop-by-hop headers declared through the Connection header. A remote attacker can send a specially crafted request to bypass security controls by removing or manipulating trusted forwarded headers.

Some backend frameworks may treat underscore and hyphen variants of forwarded header names equivalently, which can allow attacker-supplied replacement values to be used. Client certificate-related forwarded headers are also affected when client certificate authentication is enabled.

Remediation

Install security update from vendor's website.

External links

https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv

Insufficient verification of data authenticity in Traefik - CVE-2024-45410

Description

Remediation

External links

Please verify you're human