CVE-2022-41317
Published: 2022-12-25
Priority: P3 · 35 · medium
CVSS 3.1: 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS: 1.69% (74.2th percentile)
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | squid | < squid 5.7-1 (bookworm) | squid 5.7-1 (bookworm) |
| squid-cache | squid | 4.9 – 4.17 | — |
| squid-cache | squid | >= 5.0.6 < 5.7 | 5.7 |
| squid | squid | >= 0 < 4.13-10+deb11u2 | 4.13-10+deb11u2 |
| squid | squid | >= 0 < 5.7-1 | 5.7-1 |
| squid | squid | >= 0 < 5.7-1 | 5.7-1 |
| squid | squid | >= 0 < 5.7-1 | 5.7-1 |
| squid | squid | >= 0 < 4.10-1ubuntu1.7 | 4.10-1ubuntu1.7 |
| squid | squid | >= 0 < 5.2-1ubuntu4.2 | 5.2-1ubuntu4.2 |
CVSS provenance
nvd · v3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv · 6.5 MEDIUM
vendor_debian · 6.5 MEDIUM
vendor_redhat · 6.5 MEDIUM
vendor_ubuntu · 6.5 MEDIUM
Ubuntu
Squid vulnerabilities
vendor_ubuntu·2022-09-26·CVSS 6.5
CVE-2022-41317 [MEDIUM] Squid vulnerabilities
Title: Squid vulnerabilities
Summary: Several security issues were fixed in Squid.
Mikhail Evdokimov discovered that Squid incorrectly handled cache manager
ACLs. A remote attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2022-41317)
It was discovered that Squid incorrectly handled SSPI and SMB
authentication. A remote attacker could use this issue to cause Squid to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2022-41318)
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
squid: exposure of sensitive information in cache manager
vendor_redhat·2022-09-23·CVSS 6.5
CVE-2022-41317 [MEDIUM] CWE-284 squid: exposure of sensitive information in cache manager
squid: exposure of sensitive information in cache manager
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.
A flaw was found in squid. A trusted client can directly access the cache manager information, bypassing the manager ACL protection and resulting in information disclosure.
Mitigation: Adding the following line to the squid.conf file is a workaround:
acl manager url_regex +i ^[^:]+://[^/]+/squid-internal-mgr/
Package: squid (Red Hat Enterprise Linux 6) - Not affected
Package: squid34 (Red Hat Enterprise Linux 6) - Not affected
Package: squid (Red Hat Enterpr
Debian
CVE-2022-41317: squid - An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to ...
vendor_debian·2022·CVSS 6.5
CVE-2022-41317 [MEDIUM] CVE-2022-41317: squid - An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to ...
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.
Scope: local
bookworm: resolved (fixed in 5.7-1)
bullseye: resolved (fixed in 4.13-10+deb11u2)
forky: resolved (fixed in 5.7-1)
sid: resolved (fixed in 5.7-1)
trixie: resolved (fixed in 5.7-1)
OSV
CVE-2022-41317: An issue was discovered in Squid 4
osv·2022-12-25·CVSS 6.5
CVE-2022-41317 [MEDIUM] CVE-2022-41317: An issue was discovered in Squid 4
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.
OSV
squid, squid3 vulnerabilities
osv·2022-09-26·CVSS 6.5
CVE-2022-41317 [MEDIUM] squid, squid3 vulnerabilities
squid, squid3 vulnerabilities
Mikhail Evdokimov discovered that Squid incorrectly handled cache manager
ACLs. A remote attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2022-41317)
It was discovered that Squid incorrectly handled SSPI and SMB
authentication. A remote attacker could use this issue to cause Squid to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2022-41318)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://www.squid-cache.org/Versions/v4/changesets/SQUID-2022_1.patch
http://www.squid-cache.org/Versions/v5/changesets/SQUID-2022_1.patch
https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq
https://www.openwall.com/lists/oss-security/2022/09/23/1