CVE-2022-41317

{"id": "CVE-2022-41317", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2022-12-25T19:15:10.767", "references": [{"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq", "tags": ["Mitigation", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.openwall.com/lists/oss-security/2022/09/23/1", "tags": ["Mailing List", "Mitigation", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq", "tags": ["Mitigation", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.openwall.com/lists/oss-security/2022/09/23/1", "tags": ["Mailing List", "Mitigation", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-697"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Squid 4.9 a 4.17 y 5.0.6 a 5.6. Debido al manejo inconsistente de los URI internos, puede haber exposici\u00f3n de informaci\u00f3n confidencial sobre los clientes que usan el proxy a trav\u00e9s de una solicitud HTTPS a una URL del administrador de cach\u00e9 interno. Esto se solucion\u00f3 en 5.7."}], "lastModified": "2024-11-21T07:23:02.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12D3C02F-A954-4850-BF8E-B1C57531AD1E", "versionEndIncluding": "4.17", "versionStartIncluding": "4.9"}, {"criteria": "cpe:2.3:a:squid-cache:squid:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0AA329B0-3111-4416-A9F0-32ED782323ED", "versionEndExcluding": "5.7", "versionStartIncluding": "5.0.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}