CVE-2022-41317
MEDIUM6.5EPSS 1.7%squid - security update
發布日:2022/12/25修改日:2026/4/28
描述
An issue was discovered in Squid 4.9 through 4.17 and 5.0.6 through 5.6. Due to inconsistent handling of internal URIs, there can be Exposure of Sensitive Information about clients using the proxy via an HTTPS request to an internal cache manager URL. This is fixed in 5.7.
受影響套件(4)
- Alpine/squidfrom 0, < 5.7-r0
- Debian/squidfrom 0, < 4.13-10+deb11u2
- Debian/squidfrom 0, < 4.6-1+deb10u8
- Debian/squidfrom 0, < 4.13-10+deb11u2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |