CVE-2022-41317

CVSS v3.1 6.5 (Medium)

EPSS 0.10 % (43^th)

Affected Products 1

Advisories 13

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.

Weaknesses

CWE-668: Exposure of Resource to Wrong Sphere

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2022-12-25 19:15:10
(21 months ago)
Updated Date: 2023-01-05 02:20:37
(20 months ago)

Affected Products

Squid-cache

Squid

Configuration #1

		CPE23	From	Up To
	Squid-cache Squid from 4.9 version and 4.17 and prior versions	cpe:2.3:a:squid-cache:squid	>= 4.9	<= 4.17
	Squid-cache Squid from 5.0.6 version and prior 5.7 version	cpe:2.3:a:squid-cache:squid	>= 5.0.6	< 5.7