x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-rvj4-q8q5-8grf #2941
Description
Advisory GHSA-rvj4-q8q5-8grf references a vulnerability in the following Go modules:
| Module |
|---|
| github.com/traefik/traefik/v2 |
| github.com/traefik/traefik/v2 |
Description:
Impact
There is a vulnerability in Azure Identity Libraries and Microsoft
Authentication Library Elevation of Privilege
Vulnerability.
References
Patches
- https://github.com/traefik/traefik/releases/tag/v2.11.5
- https://github.com/traefik/traefik/releases/tag/v3.0.3
Workarounds
No workaround.
For more information
If you have any questions or comments about this advisory, please open an
issue.
References:
- ADVISORY: GHSA-rvj4-q8q5-8grf
- ADVISORY: GHSA-rvj4-q8q5-8grf
- WEB: https://github.com/traefik/traefik/releases/tag/v2.11.5
- WEB: https://github.com/traefik/traefik/releases/tag/v3.0.3
- WEB: https://nvd.nist.gov/vuln/detail/CVE-2024-35255
Cross references:
- Module github.com/traefik/traefik/v2 appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-c6hx-pjc3-7fqr #1057 DEPENDENT_VULNERABILITY
- Module github.com/traefik/traefik/v2 appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-468w-8x39-gj5v #1152 EFFECTIVELY_PRIVATE
- Module github.com/traefik/traefik/v2 appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-h2ph-vhm7-g4hp #1154 EFFECTIVELY_PRIVATE
- Module github.com/traefik/traefik/v2 appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik/v2: GHSA-7hj9-rv74-5g92 #1715 DEPENDENT_VULNERABILITY
- Module github.com/traefik/traefik/v2 appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-4vwx-54mw-vqfw #2722
- Module github.com/traefik/traefik/v2 appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik/v3: GHSA-7f4j-64p6-5h5v #2726
- Module github.com/traefik/traefik/v2 appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-f7cq-5v43-8pwp #2880
- Module github.com/traefik/traefik/v2 appears in issue x/vulndb: potential Go vuln in github.com/traefik/traefik: GHSA-7jmw-8259-q9jx #2917
See doc/triage.md for instructions on how to triage this report.
id: GO-ID-PENDING
modules:
- module: github.com/traefik/traefik/v2
non_go_versions:
- introduced: TODO (earliest fixed "2.11.5", vuln range "<= 2.11.4")
vulnerable_at: 2.11.5
packages:
- package: github.com/traefik/traefik/v2
- module: github.com/traefik/traefik/v2
non_go_versions:
- introduced: TODO (earliest fixed "3.0.3", vuln range "<= 3.0.2")
vulnerable_at: 2.11.5
packages:
- package: github.com/traefik/traefik/v3
summary: 'ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/traefik/traefik/v2'
ghsas:
- GHSA-rvj4-q8q5-8grf
references:
- advisory: https://github.com/advisories/GHSA-rvj4-q8q5-8grf
- advisory: https://github.com/traefik/traefik/security/advisories/GHSA-rvj4-q8q5-8grf
- web: https://github.com/traefik/traefik/releases/tag/v2.11.5
- web: https://github.com/traefik/traefik/releases/tag/v3.0.3
- web: https://nvd.nist.gov/vuln/detail/CVE-2024-35255
source:
id: GHSA-rvj4-q8q5-8grf
created: 2024-06-20T17:01:19.503493218Z
review_status: UNREVIEWED