CVE-2023-33933Sensitive Information Exposure in Apache Traffic Server

CWE-200Sensitive Information Exposure5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 64.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apache Traffic ServerApache Software Foundation Apache Traffic Server
Timeline
PublishedJun 14

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 9.2.0. 8.x users should upgrade to 8.1.7 or later versions 9.x users should upgrade to 9.2.1 or later versions

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDapache/traffic_server8.0.08.1.7+1

🔴Vulnerability Details

3
GHSA
GHSA-2873-9vw6-x36q: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server2023-06-14
CVEList
Apache Traffic Server: s3_auth plugin problem with hash calculation2023-06-14
OSV
CVE-2023-33933: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server2023-06-14

📋Vendor Advisories

1
Debian
CVE-2023-33933: trafficserver - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apac...2023
CVE-2023-33933 — Sensitive Information Exposure | cvebase