PT-2020-10858 · Containous · Traefik

Published: 2020-07-02 · Updated: 2024-08-21 · CVE-2019-20894

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Traefik versions 2.x

Description

The issue allows HTTPS sessions to proceed without mutual TLS verification in certain configurations, where an error should have occurred due to a bad SSL client authentication certificate. This situation can lead to improper authentication.

Recommendations

For Traefik version 2.x, ensure that mutual TLS verification is properly configured to prevent HTTPS sessions from proceeding without authentication. As a temporary workaround, consider reviewing and adjusting the TLS settings to enforce strict verification of client certificates.

Weakness Enumeration

Improper Authentication
Improper Certificate Validation

Related Identifiers

CVE-2019-20894
GHSA-Q9MP-79CP-9G8J
GO-2022-0774

Affected Products

Traefik