CVE-2022-41317

2022-12-2519:15:10

Google

osv.dev

cve-2022-41317

squid

sensitive information

https requests

internal uris

cache manager url

security issue

software vulnerability

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.0%

JSON

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.

CPENameOperatorVersion
squideq2.7.7-r2
squideq5.0.4-r0
squideq3.2.6-r1
squideq2.7.6-r2
squideq3.4.8-r0
squideq2.7.9-r0
squideq3.4.6-r1
squideq2.7.6-r0
squideq3.2.7-r1
squideq3.2.4-r0

Name	Operator	Version
squid	eq	2.7.7-r2
squid	eq	5.0.4-r0
squid	eq	3.2.6-r1
squid	eq	2.7.6-r2
squid	eq	3.4.8-r0
squid	eq	2.7.9-r0
squid	eq	3.4.6-r1
squid	eq	2.7.6-r0
squid	eq	3.2.7-r1
squid	eq	3.2.4-r0