Critical vulnerability in Traefik
Latest update date of this article:
2024-12-19
General information
A critical vulnerability, CVE-2024-45410, has been published by NIST NVD for the Traefik reverse proxy. It affects 2.x versions up to and including 2.11.9 and 3.x versions up to and including 3.1.3. Traefik is part of our Smart ID Docker Compose package. If your hosting is based on the Smart ID Docker Compose package, please verify which Traefik container version is in use and update it if necessary.
This issue affects all Smart ID installations based on our Docker Compose package using Traefik as a reverse proxy.
Official site for the CVE
https://nvd.nist.gov/vuln/detail/CVE-2024-45410
Update Traefik version in Docker Compose configuration
The smartid.env file is part of the Smart ID Docker compose package, for example SmartID-24.11.0-deployment241129.tgz
This is the central configuration file available in /docker/compose/smartid.env
If you are on Traefik 2.x, please update to at least 2.11.10 (tested versions include 2.11.16).
If you are on Traefik 3.x, please update to at least 3.1.4 (tested versions include 3.2.3).
In /docker/compose/smartid.env, change the Traefik version as described below:
# -- Traefik
#TRAEFIK_VERSION=v3.x.x
to
# -- Traefik
TRAEFIK_VERSION=v3.1.4
Update and restart the Traefik container, for example with the following command:
docker compose up -d
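To check the pinned version before and after the change, the following added example (not part of the Smart ID package) reads TRAEFIK_VERSION from a smartid.env file and compares it with the minimum fixed releases named above. The function names are hypothetical, and "unset" means the line is commented out, so the package default applies, which this article does not state.

```shell
#!/bin/sh
# Added example (hypothetical helper names); thresholds are the minimum
# fixed releases named in this article: 2.11.10 and 3.1.4.

# Print the active (uncommented) TRAEFIK_VERSION value; empty if none.
pinned_traefik_version() {
    sed -n 's/^[[:space:]]*TRAEFIK_VERSION=//p' "$1" | tail -n 1 | tr -d "\"'\r "
}

# Classify one version string as: fixed | vulnerable | unknown
classify_traefik_version() {
    v=${1#v}                                  # smartid.env uses a "v" prefix
    case $v in *.*.*) ;; *) echo unknown; return 0 ;; esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    for part in "$major" "$minor" "$patch"; do
        # Placeholders (v3.x.x), floating tags and suffixes are not guessed at.
        case $part in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    case $major in
        2) min_minor=11; min_patch=10 ;;
        3) min_minor=1;  min_patch=4 ;;
        *) echo unknown; return 0 ;;          # article covers only 2.x and 3.x
    esac
    if [ "$minor" -gt "$min_minor" ] ||
       { [ "$minor" -eq "$min_minor" ] && [ "$patch" -ge "$min_patch" ]; }; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Classify the file: "unset" means the line is commented out or missing,
# so whatever default the compose package applies is in effect.
check_smartid_env() {
    ver=$(pinned_traefik_version "$1")
    if [ -z "$ver" ]; then echo unset; return 0; fi
    classify_traefik_version "$ver"
}

# Demo on constructed sample files (not real deployment data).
sample=$(mktemp)
for line in '#TRAEFIK_VERSION=v3.x.x' 'TRAEFIK_VERSION=v3.1.3' 'TRAEFIK_VERSION=v3.1.4'; do
    printf '# -- Traefik\n%s\n' "$line" > "$sample"
    echo "$line -> $(check_smartid_env "$sample")"
done
rm -f "$sample"
```

The script reads only the value pinned in the file; the image of the running Traefik container should still be confirmed after the restart.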