Main Vulnerability Database Vulnerabilities #VU67604

Improper access control in Squid - CVE-2022-41317

Published: September 23, 2022

Vulnerability identifier: #VU67604

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-41317

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Squid

Software vendor:
Squid-cache.org

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to inconsistent handling of internal URIs. A remote authenticated proxy user can bypass the manager ACL protection and access cache manager information, which includes records of internal network structure, client credentials, client identity and client traffic behavior.

Remediation

Install updates from vendor's website.

External links

https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq/

Improper access control in Squid - CVE-2022-41317

Description

Remediation

External links

Please verify you're human