{"id":"CVE-2024-40632","summary":"Linkerd potential access to the shutdown endpoint","details":"Linkerd is an open source, ultralight, security-first service mesh for Kubernetes. In affected versions, when the application being run by Linkerd is susceptible to server-side request forgery (SSRF), an attacker could potentially trigger a denial-of-service (DoS) attack by making requests to localhost:4191/shutdown. Linkerd could introduce an optional environment variable to control a token that must be passed as a header. Linkerd should reject shutdown requests that do not include this header. This issue has been addressed in release version edge-24.6.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.","aliases":["GHSA-6v94-gj6x-jqj7","GO-2024-2984"],"modified":"2026-04-10T05:15:26.306959Z","published":"2024-07-15T21:22:57.957Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40632.json","cwe_ids":["CWE-918"],"cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://github.com/linkerd/linkerd2-proxy/blob/46957de49f25fd4661af7b7c52659148f4d6dd27/linkerd/app/admin/src/server.rs"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/40xxx/CVE-2024-40632.json"},{"type":"ADVISORY","url":"https://github.com/linkerd/linkerd2/security/advisories/GHSA-6v94-gj6x-jqj7"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-40632"},{"type":"FIX","url":"https://github.com/linkerd/linkerd2/commit/35fb2d6d11ef6520ae516dd717790529f85224fa"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/linkerd/linkerd2","events":[{"introduced":"0"},{"fixed":"35fb2d6d11ef6520ae516dd717790529f85224fa"}]},{"type":"GIT","repo":"https://github.com/linkerd/linkerd2","events":[{"introduced":"0"},{"fixed":"35fb2d6d11ef6520ae516dd717790529f85224fa"}]}],"versions":["edge-18.10.1","edge-18.10.2","edge-18.10.3","edge-18.10.4","edge-18.11.1","edge-18.11.2",
"edge-18.11.3","edge-18.12.1","edge-18.12.2","edge-18.12.3","edge-18.12.4","edge-18.9.2","edge-18.9.3","edge-19.1.1","edge-19.1.2","edge-19.1.3","edge-19.1.4","edge-19.10.1","edge-19.10.2","edge-19.10.3","edge-19.10.4","edge-19.10.5","edge-19.11.1","edge-19.11.2","edge-19.11.3","edge-19.12.1","edge-19.12.2","edge-19.12.3","edge-19.2.1","edge-19.2.2","edge-19.2.3","edge-19.2.4","edge-19.2.5","edge-19.3.1","edge-19.3.2","edge-19.3.3","edge-19.4.1","edge-19.4.2","edge-19.4.3","edge-19.4.4","edge-19.4.5","edge-19.5.1","edge-19.5.2","edge-19.5.3","edge-19.5.4","edge-19.6.1","edge-19.6.13","edge-19.6.2","edge-19.6.3","edge-19.6.4","edge-19.7.1","edge-19.7.2","edge-19.7.3","edge-19.7.4","edge-19.7.5","edge-19.8.1","edge-19.8.2","edge-19.8.3","edge-19.8.4","edge-19.8.5","edge-19.8.6","edge-19.8.7","edge-19.9.1","edge-19.9.2","edge-19.9.3","edge-19.9.4","edge-19.9.5","edge-20.1.1","edge-20.1.2","edge-20.1.3","edge-20.1.4","edge-20.10.1","edge-20.10.2","edge-20.10.3","edge-20.10.4","edge-20.10.5","edge-20.10.6","edge-20.11.1","edge-20.11.2","edge-20.11.3","edge-20.11.4","edge-20.11.5","edge-20.12.1","edge-20.12.2","edge-20.12.3","edge-20.12.4","edge-20.2.1","edge-20.2.2","edge-20.2.3","edge-20.3.1","edge-20.3.2","edge-20.3.3","edge-20.3.4","edge-20.4.1","edge-20.4.2","edge-20.4.3","edge-20.4.4","edge-20.4.5","edge-20.5.1","edge-20.5.2","edge-20.5.3","edge-20.5.4","edge-20.5.5","edge-20.6.1","edge-20.6.2","edge-20.6.3","edge-20.6.4","edge-20.7.1","edge-20.7.2","edge-20.7.3","edge-20.7.4","edge-20.7.5","edge-20.8.1","edge-20.8.2","edge-20.8.3","edge-20.8.4","edge-20.9.1","edge-20.9.2","edge-20.9.3","edge-20.9.4","edge-21.1.1","edge-21.1.2","edge-21.1.3","edge-21.1.4","edge-21.10.1","edge-21.10.2","edge-21.10.3","edge-21.11.1","edge-21.11.2","edge-21.11.3","edge-21.11.4","edge-21.12.1","edge-21.12.2","edge-21.12.3","edge-21.12.4","edge-21.2.1","edge-21.2.2","edge-21.2.3","edge-21.2.4","edge-21.3.1","edge-21.3.2","edge-21.3.3","edge-21.3.4","edge-21.4.1","edge-21.4.2","edge-21.4.
3","edge-21.4.4","edge-21.4.5","edge-21.5.1","edge-21.5.2","edge-21.5.3","edge-21.6.1","edge-21.6.2","edge-21.6.3","edge-21.6.4","edge-21.6.5","edge-21.7.1","edge-21.7.2","edge-21.7.3","edge-21.7.4","edge-21.7.5","edge-21.8.1","edge-21.8.2","edge-21.8.3","edge-21.8.4","edge-21.9.2","edge-21.9.3","edge-21.9.4","edge-21.9.5","edge-22.1.1","edge-22.1.2","edge-22.1.3","edge-22.1.4","edge-22.1.5","edge-22.10.1","edge-22.10.2","edge-22.10.3","edge-22.11.1","edge-22.11.2","edge-22.11.3","edge-22.12.1","edge-22.2.1","edge-22.2.2","edge-22.2.3","edge-22.2.4","edge-22.3.1","edge-22.3.2","edge-22.3.3","edge-22.3.4","edge-22.3.5","edge-22.4.1","edge-22.5.1","edge-22.5.2","edge-22.5.3","edge-22.6.1","edge-22.6.2","edge-22.7.1","edge-22.7.2","edge-22.7.3","edge-22.8.1","edge-22.8.2","edge-22.8.3","edge-22.9.1","edge-22.9.2","edge-23.1.1","edge-23.1.2","edge-23.10.1","edge-23.10.2","edge-23.10.3","edge-23.10.4","edge-23.11.1","edge-23.11.2","edge-23.11.3","edge-23.11.4","edge-23.12.1","edge-23.12.2","edge-23.12.3","edge-23.12.4","edge-23.2.1","edge-23.2.2","edge-23.2.3","edge-23.3.1","edge-23.3.2","edge-23.3.3","edge-23.3.4","edge-23.4.1","edge-23.4.2","edge-23.4.3","edge-23.5.1","edge-23.5.2","edge-23.5.3","edge-23.6.1","edge-23.6.2","edge-23.6.3","edge-23.7.1","edge-23.7.2","edge-23.7.3","edge-23.8.1","edge-23.8.2","edge-23.8.3","edge-23.9.1","edge-23.9.2","edge-23.9.3","edge-23.9.4","edge-24.1.1","edge-24.1.2","edge-24.1.3","edge-24.2.1","edge-24.2.2","edge-24.2.3","edge-24.2.4","edge-24.2.5","edge-24.3.1","edge-24.3.2","edge-24.3.3","edge-24.3.4","edge-24.3.5","edge-24.4.1","edge-24.4.2","edge-24.4.3","edge-24.4.4","edge-24.4.5","edge-24.5.1","edge-24.5.2","edge-24.5.3","edge-24.5.4","edge-24.5.5","edge-24.6.1","stable-2.0.0","stable-2.1.0","stable-2.10.0","stable-2.10.1","stable-2.11.0","stable-2.12.0","stable-2.12.0-rc2","stable-2.12.1","stable-2.13.0","stable-2.13.1","stable-2.14.0","stable-2.2.0","stable-2.3.0","stable-2.4.0","stable-2.5.0","stable-2.6.0","stable-2.7.0","s
table-2.8.0","stable-2.8.1","stable-2.9.0","v0.1.0","v0.1.1","v0.1.2","v0.1.3","v0.2.0","v0.3.0","v0.3.1","v0.4.0","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.5.0","v18.7.1","v18.7.2","v18.7.3","v18.8.1","v18.8.2","v18.8.3","v18.8.4","v18.9.1","version-2.15"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40632.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}