Nexus Documentation
CURL vulnerability information (CVE-2023-38545) - Nexus awareness advisory on Microsoft's update KB5014754

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Latest update date of this article:
2024-12-19

General information

There is a critical vulnerability, CVE-2024-45410, published by NIST NVD on Traefik reverse proxies, affecting versions 2.x versions until 2.11.9 and 3.x versions utill 3.1.3. Traefik is part of our Smart ID Docker compose package. In case your hosting is based on the Smart ID Docker compose package, please verify the used Traefik container version and update if necessary.

This issue affects all Smart ID installations based on our Docker Compose package using Traefik as a reverse proxy.

Official site for the CVE

https://nvd.nist.gov/vuln/detail/CVE-2024-45410

Update Traefik version in Docker Compose configuration

The smartid.env file is part of the Smart ID Docker compose package, for example SmartID-24.11.0-deployment241129.tgz

This is the central configuration file available in /docker/compose/smartid.env

If you are on Traefik 2.x please update to at least 2.11.10, tested including 2.11.16

If you are on Traefik 3.x, please update to at least 3.1.4, tested including 3.2.3

  1. In /docker/compose/smartid.env, change the Traefik version as described below:
    # -- Traefik #
    TRAEFIK_VERSION=v3.x.x

    to

    # -- Traefik
    TRAEFIK_VERSION=v3.1.4

  2. Restart the Traefik container, for example with the following commands:

docker compose up -d
  • No labels

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions