
Critical vulnerability in Traefik

Latest update date of this article:
2024-12-19

General information

A critical vulnerability in the Traefik reverse proxy, CVE-2024-45410, has been published in the NIST NVD. It affects 2.x versions up to 2.11.9 and 3.x versions up to 3.1.3. Traefik is part of our Smart ID Docker Compose package. If your hosting is based on the Smart ID Docker Compose package, verify which Traefik container version is in use and update it if necessary.

This issue affects all Smart ID installations based on our Docker Compose package using Traefik as a reverse proxy.

Official site for the CVE

https://nvd.nist.gov/vuln/detail/CVE-2024-45410

Update Traefik version in Docker Compose configuration

The smartid.env file is part of the Smart ID Docker Compose package, for example SmartID-24.11.0-deployment241129.tgz.

This is the central configuration file, available in /docker/compose/smartid.env.

If you are on Traefik 2.x, update to at least 2.11.10 (tested versions include 2.11.16).

  1. In /docker/compose/smartid.env, change the Traefik version as described below:
    # -- Traefik #
    TRAEFIK_VERSION=v3.x.x

    to

    # -- Traefik
    TRAEFIK_VERSION=v3.1.4

  2. Update and restart the Traefik container, for example with the following command:

    docker compose up -d
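
One way to check the configured version before and after the change, as an added example that is not part of the Smart ID package. The function names are hypothetical; the minimum fixed releases (2.11.10 and 3.1.4) are the ones given in this article.

```shell
#!/bin/sh
# Added example, not part of the Smart ID Docker Compose package.
# Minimum fixed releases (2.11.10, 3.1.4) are taken from this article.

# Print the TRAEFIK_VERSION value from an env file (last assignment wins).
read_traefik_version() {
    sed -n 's/^[[:space:]]*TRAEFIK_VERSION=//p' "$1" | tail -n 1 | tr -d "\"'\r "
}

# Echo "fixed", "vulnerable" or "unknown" for a tag such as v3.1.4 or 2.11.9.
# Placeholders (v3.x.x), floating tags (latest, v3) and pre-release tags
# cannot be compared reliably and are reported as "unknown".
traefik_status() {
    v=${1#v}
    case $v in
        *[!0-9.]*|''|.*|*.|*..*) echo unknown; return ;;
    esac
    IFS=. read -r major minor patch extra <<EOF
$v
EOF
    [ -n "$patch" ] && [ -z "$extra" ] || { echo unknown; return; }
    case $major in
        2) min_minor=11 min_patch=10 ;;
        3) min_minor=1 min_patch=4 ;;
        *) echo unknown; return ;;
    esac
    if [ "$minor" -gt "$min_minor" ] ||
       { [ "$minor" -eq "$min_minor" ] && [ "$patch" -ge "$min_patch" ]; }; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Usage: sh check_traefik.sh [path-to-env-file]
env_file=${1:-/docker/compose/smartid.env}
if [ -f "$env_file" ]; then
    ver=$(read_traefik_version "$env_file")
    echo "TRAEFIK_VERSION=$ver: $(traefik_status "$ver")"
fi
```

This checks only the value in smartid.env; the running container still uses the old image until it is recreated in step 2.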

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.