Critical vulnerability in Traefik
- Ylva Andersson
Latest update date of this article:
2024-12-19
General information
There is a critical vulnerability, CVE-2024-45410, published by NIST NVD on Traefik reverse proxies, affecting versions 2.x versions until 2.11.9 and 3.x versions until 3.1.3. Traefik is part of our Smart ID Docker compose package. In case your hosting is based on the Smart ID Docker compose package, please verify the used Traefik container version and update if necessary.
This issue affects all Smart ID installations based on our Docker Compose package using Traefik as a reverse proxy.
Official site for the CVE
https://nvd.nist.gov/vuln/detail/CVE-2024-45410
Update Traefik version in Docker Compose configuration
The smartid.env file is part of the Smart ID Docker compose package, for example SmartID-24.11.0-deployment241129.tgz
This is the central configuration file available in /docker/compose/smartid.env
If you are on Traefik 2.x please update to at least 2.11.10, tested including 2.11.16
If you are on Traefik 3.x, please update to at least 3.1.4, tested including 3.2.3
In /docker/compose/smartid.env, change the Traefik version as described below:
# -- Traefik #TRAEFIK_VERSION=v3.x.xto
# -- Traefik
TRAEFIK_VERSION=v3.1.4Update and restart the Traefik container, for example with the following command:
docker compose up -dRelated content
Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions