CVE-2019-20894: Improper Certificate Validation

September 2, 2021

Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.

References

github.com/advisories/GHSA-q9mp-79cp-9g8j
github.com/containous/traefik/commit/2b353971696717e980521b0e4baa1eba66c8d2bf
github.com/containous/traefik/issues/5312
github.com/containous/traefik/pull/7008
nvd.nist.gov/vuln/detail/CVE-2019-20894

Detect and mitigate CVE-2019-20894 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →