CVE-2023-41752

CWE-200 — Information Exposure5 documents5 sources

Severity

7.5HIGH

EPSS

0.3%

top 42.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Traffic Server Apache Software Foundation Apache Traffic Server Fedoraproject Fedora

Timeline

PublishedOct 17

Description

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2.3, which fixes the issue.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDapache/traffic_server8.0.0 — 8.1.9+1

▶CVEListV5apache_software_foundation/apache_traffic_server8.0.0 — 8.1.8+1

▶Debiantrafficserver< 8.1.9+ds-1~deb11u1+1

Also affects: Fedora 37, 38

🔴Vulnerability Details

OSV

CVE-2023-41752: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server↗2023-10-17

▶

CVEList

Apache Traffic Server: s3_auth plugin problem with hash calculation↗2023-10-17

▶

GHSA

GHSA-3vrx-27jg-h7pf: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server↗2023-10-17

▶

📋Vendor Advisories

Debian

CVE-2023-41752: trafficserver - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apac...↗2023

▶