Main Vulnerability Database Vulnerabilities #VU67604

Improper access control in Squid - CVE-2022-41317

Published: September 23, 2022

Vulnerability identifier: #VU67604

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-41317

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Squid-cache.org

Affected software:
Squid

Detailed vulnerability description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to inconsistent handling of internal URIs. A remote authenticated proxy user can bypass the manager ACL protection and access cache manager information, which includes records of internal network structure, client credentials, client identity and client traffic behavior.

How to mitigate CVE-2022-41317

Install updates from vendor's website.

Sources

https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq/

Improper access control in Squid - CVE-2022-41317

Detailed vulnerability description

How to mitigate CVE-2022-41317

Sources

Please verify you're human