Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-41317

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.

Published

2022-12-25T19:15:10.767

Last Modified

2025-04-14T19:15:31.413

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-697
Type: Secondary
CWE-697

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	squid-cache	squid	≤ 4.17	Yes
Application	squid-cache	squid	< 5.7	Yes

References

http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch Patch, Vendor Advisory ([email protected])
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch Patch, Vendor Advisory ([email protected])
https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq Mitigation, Patch, Third Party Advisory ([email protected])
https://www.openwall.com/lists/oss-security/2022/09/23/1 Mailing List, Mitigation, Patch, Third Party Advisory ([email protected])
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq Mitigation, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.openwall.com/lists/oss-security/2022/09/23/1 Mailing List, Mitigation, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)