CVE-2022-41317
published 2022-12-25


Priority: P335, medium
CVSS 3.1: 6.5
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.69% (74.2th percentile)

An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.

Affected

9 ranges
Vendor | Product | Version range | Fixed in
debian | squid | < squid 5.7-1 (bookworm) | squid 5.7-1 (bookworm)
squid-cache | squid | 4.9 – 4.17 |
squid-cache | squid | >= 5.0.6 < 5.7 | 5.7
squid | squid | >= 0 < 4.13-10+deb11u2 | 4.13-10+deb11u2
squid | squid | >= 0 < 5.7-1 | 5.7-1
squid | squid | >= 0 < 5.7-1 | 5.7-1
squid | squid | >= 0 < 5.7-1 | 5.7-1
squid | squid | >= 0 < 4.10-1ubuntu1.7 | 4.10-1ubuntu1.7
squid | squid | >= 0 < 5.2-1ubuntu4.2 | 5.2-1ubuntu4.2

CVSS provenance

nvd: v3.1, 6.5 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv: 6.5 MEDIUM
vendor_debian: 6.5 MEDIUM
vendor_redhat: 6.5 MEDIUM
vendor_ubuntu: 6.5 MEDIUM